@lazyneoaz/metachat 1.0.3 → 1.0.4

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lazyneoaz/metachat",
-  "version": "1.0.3",
+  "version": "1.0.4",
   "type": "commonjs",
   "types": "src/types/index.d.ts",
   "description": "Advanced Facebook Chat API client for building Messenger bots — real-time messaging, thread management, MQTT, and session stability.",

package/src/engine/models/loginHelper.js

@@ -443,14 +443,12 @@ async function loginHelper(credentials, globalOptions, callback, setOptionsFunc,
                 return resolve(false);
               }
 
-              // Presence endpoint echoes the user ID when the session is live.
-              const uid = ctx.userID.toString();
-              const hasUserID = html.includes(uid) ||
-                                html.includes(`"actorID":"${uid}"`) ||
-                                html.includes(`"userID":"${uid}"`) ||
-                                html.includes(`"ACCOUNT_ID":"${uid}"`);
-
-              resolve(hasUserID);
+              // If we got a non-empty response that is neither a login page nor
+              // a checkpoint, the session is alive. The presence endpoint does
+              // NOT reliably echo the user ID in every response variant — a
+              // UID-presence check here produces false negatives that trigger
+              // unnecessary re-logins on perfectly valid sessions.
+              resolve(!!html);
             } catch (error) {
               utils.error("Session validation failed:", error.message);
               resolve(false);

package/src/utils/antiSuspension.js

@@ -47,10 +47,8 @@ const SUSPENSION_SIGNALS = [
     'temporarily blocked',
     'temporarily_blocked',
     'your account has been temporarily blocked',
-    'please try again later',
     'feature temporarily blocked',
     'feature temporarily unavailable',
-    'something went wrong',
     'automated behavior',
     'not a human',
     'bot detected',
@@ -66,7 +64,13 @@ const SUSPENSION_SIGNALS = [
     'blocked from sending',
     'disabled for violating',
     'policy violation',
-    'action blocked',
+    'action blocked'
+];
+
+// Session-expiry phrases that must NOT be treated as suspension signals.
+// Confusing session expiry with suspension trips the circuit breaker and
+// prevents re-login, turning a normal logout into a permanent lockout.
+const SESSION_EXPIRY_SIGNALS = [
     'session expired',
     'session has expired',
     'not logged in',
@@ -441,13 +445,20 @@ class AntiSuspension {
     /**
      * Prepare before sending — single delay model.
      * Enforces thread throttle and volume limits, respects circuit breaker.
-     * If volume limits are reached, throws to protect the account.
+     * If the circuit breaker is tripped (checkpoint/suspension detected) or
+     * volume limits are reached, throws to protect the account.
      */
     async prepareBeforeMessage(threadID, message) {
         if (this.isCircuitBreakerTripped()) {
             const remaining = this.getCircuitBreakerRemainingMs();
-            const waitMs = Math.min(remaining, 8000);
-            if (waitMs > 0) await new Promise(resolve => setTimeout(resolve, waitMs));
+            const { utils } = this._getUtils();
+            utils && utils.warn && utils.warn("AntiSuspension",
+                `Circuit breaker is tripped. Blocking message send to protect account. ` +
+                `Cooldown remaining: ${Math.ceil(remaining / 1000)}s`);
+            const err = new Error(`Circuit breaker is tripped. Pausing sends to protect account. Retry in ${Math.ceil(remaining / 1000)}s.`);
+            err.error = 'circuit_breaker_tripped';
+            err.remainingMs = remaining;
+            throw err;
         }
 
         const volumeWarning = this.checkVolumeLimit(threadID);
@@ -512,6 +523,7 @@ module.exports = {
     AntiSuspension,
     globalAntiSuspension,
     SUSPENSION_SIGNALS,
+    SESSION_EXPIRY_SIGNALS,
     initAntiSuspension: () => globalAntiSuspension,
     getAntiSuspensionConfig: () => globalAntiSuspension.getConfig()
 };

package/src/utils/autoReLogin.js

@@ -88,6 +88,12 @@ class AutoReLoginManager {
             if (this.onReLoginFailure) {
                 this.onReLoginFailure(new Error("Max re-login retries exceeded"));
             }
+            // Schedule a reset so the next session-expiry event can try again
+            // instead of permanently blocking all future re-login attempts.
+            setTimeout(() => {
+                this.retryCount = 0;
+                utils.log("AutoReLogin", "Retry counter reset after cooldown — re-login re-enabled");
+            }, 5 * 60 * 1000); // 5-minute cooldown before allowing new attempts
             return false;
         }
 

package/src/utils/axios.js

@@ -86,13 +86,15 @@ async function inspectResponseForSessionIssues(adapted, ctx) {
         throw err;
     }
 
-    // Detect session expiry / forced logout
+    // Detect session expiry / forced logout.
+    // Use only unambiguous structural markers that appear exclusively on the
+    // actual login page — NOT generic strings like '"login.php?"' or
+    // '"login_page"' which Facebook embeds in authenticated page payloads as
+    // navigation links and client-side route names, causing false positives.
     const isLoginRedirect =
-        bodyStr.includes('"login.php?') ||
-        bodyStr.includes('https://www.facebook.com/login.php') ||
         bodyStr.includes('<form id="login_form"') ||
         bodyStr.includes('id="loginbutton"') ||
-        bodyStr.includes('"login_page"');
+        bodyStr.includes('id="email" name="email"');
 
     const isLoginBlocked =
         typeof body === 'object' && body !== null && body.error === 1357001;