npm - @lazyneoaz/metachat - Versions diffs - 1.0.4 → 1.0.5 - Mend

@lazyneoaz/metachat 1.0.4 → 1.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/package.json +1 -1
package/src/utils/clients.js +18 -6

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@lazyneoaz/metachat",
-  "version": "1.0.4",
+  "version": "1.0.5",
   "type": "commonjs",
   "types": "src/types/index.d.ts",
   "description": "Advanced Facebook Chat API client for building Messenger bots — real-time messaging, thread management, MQTT, and session stability.",

package/src/utils/clients.js CHANGED Viewed

@@ -197,7 +197,11 @@ function parseAndCheckLogin(ctx, http, retryCount = 0) {
       log("Please verify your Facebook account status in a browser.");
     }
-    if (resStr.includes("https://www.facebook.com/login.php?") || String(res.redirect || "").includes("login.php?")) {
+    // Only treat a redirect to login.php as a session expiry if the server
+    // explicitly told us to go there via res.redirect — not if login.php appears
+    // anywhere in the body JSON, which it does on authenticated pages as a
+    // navigation/share link, causing false-positive session expiry errors.
+    if (String(res.redirect || "").includes("login.php")) {
       warn("Session Status", "Redirected to login page - Session expired");
       const err = new Error("Session expired - Redirected to login page");
       err.error = 401;
@@ -230,11 +234,19 @@ function saveCookies(jar) {
   return function (res) {
     const cookies = res.headers["set-cookie"] || [];
     cookies.forEach(function (c) {
-      if (c.indexOf(".facebook.com") > -1) {
-        jar.setCookie(c, "https://www.facebook.com");
-      }
-      const c2 = c.replace(/domain=\.facebook\.com/, "domain=.messenger.com");
-      jar.setCookie(c2, "https://www.messenger.com");
+      // Always attempt to save every Set-Cookie header to both domains.
+      // The old guard `c.indexOf(".facebook.com") > -1` silently dropped
+      // cookies whose domain attribute was `facebook.com` (no dot),
+      // `www.facebook.com`, or absent entirely.  Facebook rotates critical
+      // session cookies (xs, c_user, fr, etc.) continuously — missing a
+      // single update causes the jar to go stale and Facebook forces logout.
+      try { jar.setCookie(c, "https://www.facebook.com"); } catch (_) {}
+      // Mirror to messenger.com so MQTT / Messenger API calls stay authed.
+      const c2 = c
+        .replace(/domain=[^;]*/i, "domain=.messenger.com")
+        .replace(/secure;?\s*/i, "");
+      try { jar.setCookie(c2, "https://www.messenger.com"); } catch (_) {}
     });
     return res;
   };