@lazyneoaz/metachat 1.0.5 → 1.0.6

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lazyneoaz/metachat",
-  "version": "1.0.5",
+  "version": "1.0.6",
   "type": "commonjs",
   "types": "src/types/index.d.ts",
   "description": "Advanced Facebook Chat API client for building Messenger bots — real-time messaging, thread management, MQTT, and session stability.",

package/src/apis/getThreadList.js

@@ -53,13 +53,18 @@ function formatThreadGraphQLResponse(messageThread) {
   const lastR = messageThread.last_read_receipt;
   const lastReadTimestamp = lastR?.nodes?.[0]?.timestamp_precise || null;
 
+  // Guard: all_participants or edges can be absent on restricted/deleted threads
+  const edges = (messageThread.all_participants && Array.isArray(messageThread.all_participants.edges))
+    ? messageThread.all_participants.edges
+    : [];
+
   return {
     threadID: threadID,
     threadName: messageThread.name,
-    participantIDs: messageThread.all_participants.edges.map(
+    participantIDs: edges.map(
       (d) => d.node.messaging_actor.id,
     ),
-    userInfo: messageThread.all_participants.edges.map((d) => {
+    userInfo: edges.map((d) => {
       const p = d.node.messaging_actor;
       return {
         id: p.id,

package/src/apis/listenMqtt.js

@@ -1007,7 +1007,32 @@ module.exports = (defaultFuncs, api, ctx, opts) => {
             ? ctx._middleware.wrapCallback(baseCallback)
             : baseCallback;
 
+        // Replace ctx._emitter with the new MessageEmitter, but first migrate
+        // any existing listeners so they are not silently orphaned.
+        // Listeners added via api.on() before listenMqtt() was called live on the
+        // old emitter; without migration they would never fire again.
+        const prevEmitter = ctx._emitter;
         ctx._emitter = msgEmitter;
+        if (prevEmitter && prevEmitter !== msgEmitter && typeof prevEmitter.eventNames === 'function') {
+            try {
+                const LIFECYCLE_EVENTS = [
+                    'sessionExpired', 'checkpoint', 'relogin', 'ready',
+                    'account_inactive', 'checkpoint_282', 'checkpoint_956', 'error'
+                ];
+                for (const event of LIFECYCLE_EVENTS) {
+                    const listeners = prevEmitter.rawListeners ? prevEmitter.rawListeners(event) : [];
+                    for (const listener of listeners) {
+                        msgEmitter.on(event, listener);
+                    }
+                }
+            } catch (_) {}
+        }
+
+        // Reset reconnect-blocking flags — calling listenMqtt() always means
+        // "start fresh". Without this, ctx._ending left behind by stopListening()
+        // or emitAuthError() would permanently block scheduleReconnect().
+        ctx._ending = false;
+        ctx._cycling = false;
 
         ctx._listeningActive = true;
         ctx._lastListenCallback = callback || null;

package/src/apis/logout.js

@@ -11,50 +11,87 @@ const utils = require('../utils');
 module.exports = function (defaultFuncs, api, ctx) {
   /**
    * Logs the current user out of Facebook.
-   * @returns {Promise<void>} A promise that resolves when logout is successful or rejects on error.
+   *
+   * Strategy:
+   * 1. Try to fetch the settings-menu endpoint and parse the logout form from
+   *    the jsmods response (legacy path, may break if Facebook restructures).
+   * 2. If that fails for any reason, fall back to posting directly to
+   *    /logout.php using the session token already in ctx.fb_dtsg.  This is
+   *    reliable as long as the session is still valid.
+   *
+   * @returns {Promise<void>}
    */
   return async function logout() {
-    const form = {
-      pmid: "0",
-    };
-
+    // ── Path 1: Parse logout form from settings menu ──────────────────────
     try {
       const resData = await defaultFuncs
         .post(
           "https://www.facebook.com/bluebar/modern_settings_menu/?help_type=364455653583099&show_contextual_help=1",
           ctx.jar,
-          form,
+          { pmid: "0" },
         )
         .then(utils.parseAndCheckLogin(ctx, defaultFuncs));
 
-      const elem = resData.jsmods.instances[0][2][0].find(v => v.value === "logout");
-      if (!elem) {
-        throw { error: "Could not find logout form element." };
+      // Guard every access — Facebook restructures this response frequently.
+      const instances = resData?.jsmods?.instances;
+      const firstGroup = Array.isArray(instances) && instances[0] && instances[0][2] && instances[0][2][0];
+      const elem = firstGroup && Array.isArray(firstGroup) ? firstGroup.find(v => v.value === "logout") : null;
+
+      if (elem) {
+        const markup = resData?.jsmods?.markup;
+        const markupEntry = Array.isArray(markup) ? markup.find(v => v[0] === elem.markup?.__m) : null;
+        const html = markupEntry?.[1]?.__html;
+
+        if (html) {
+          const logoutForm = {
+            fb_dtsg: utils.getFrom(html, '"fb_dtsg" value="', '"') || ctx.fb_dtsg,
+            ref: utils.getFrom(html, '"ref" value="', '"'),
+            h: utils.getFrom(html, '"h" value="', '"'),
+          };
+
+          const logoutRes = await defaultFuncs
+            .post("https://www.facebook.com/logout.php", ctx.jar, logoutForm)
+            .then(utils.saveCookies(ctx.jar));
+
+          if (logoutRes.headers && logoutRes.headers.location) {
+            await defaultFuncs
+              .get(logoutRes.headers.location, ctx.jar)
+              .then(utils.saveCookies(ctx.jar));
+            ctx.loggedIn = false;
+            utils.log("logout", "Logged out successfully (path 1).");
+            return;
+          }
+          // If no redirect location, fall through to path 2
+        }
       }
-      
-      const html = resData.jsmods.markup.find(v => v[0] === elem.markup.__m)[1].__html;
-      
+    } catch (_) {
+      // Settings-menu path failed — continue to fallback
+    }
+
+    // ── Path 2: Direct logout using ctx.fb_dtsg ───────────────────────────
+    // This path works as long as the session token in ctx is valid.
+    // It does NOT require parsing the settings-menu HTML.
+    try {
       const logoutForm = {
-        fb_dtsg: utils.getFrom(html, '"fb_dtsg" value="', '"'),
-        ref: utils.getFrom(html, '"ref" value="', '"'),
-        h: utils.getFrom(html, '"h" value="', '"'),
+        fb_dtsg: ctx.fb_dtsg || "",
+        ref: "mb",
+        h: "",
       };
 
       const logoutRes = await defaultFuncs
         .post("https://www.facebook.com/logout.php", ctx.jar, logoutForm)
         .then(utils.saveCookies(ctx.jar));
 
-      if (!logoutRes.headers || !logoutRes.headers.location) {
-        throw { error: "An error occurred when logging out." };
+      if (logoutRes.headers && logoutRes.headers.location) {
+        try {
+          await defaultFuncs
+            .get(logoutRes.headers.location, ctx.jar)
+            .then(utils.saveCookies(ctx.jar));
+        } catch (_) {}
       }
 
-      await defaultFuncs
-        .get(logoutRes.headers.location, ctx.jar)
-        .then(utils.saveCookies(ctx.jar));
-      
       ctx.loggedIn = false;
-      utils.log("logout", "Logged out successfully.");
-
+      utils.log("logout", "Logged out successfully (path 2).");
     } catch (err) {
       utils.error("logout", err);
       throw err;

package/src/engine/models/buildAPI.js

@@ -84,6 +84,13 @@ async function buildAPI(html, jar, netData, globalOptions, fbLinkFunc, errorRetr
     const emitter = new EventEmitter();
     emitter.setMaxListeners(50);
 
+    // Pre-compute ttstamp so it is present from the very first request.
+    // tokenRefresh.js sets this field on every refresh — initialising it here
+    // keeps ctx consistent and prevents undefined reads before the first refresh.
+    const ttstamp = dtsgResult.fb_dtsg
+        ? "2" + Array.from(dtsgResult.fb_dtsg).map(c => c.charCodeAt(0)).join("")
+        : "2";
+
     const ctx = {
         userID,
         jar,
@@ -108,6 +115,7 @@ async function buildAPI(html, jar, netData, globalOptions, fbLinkFunc, errorRetr
         cache: new SimpleCache(),
         validator: globalValidator,
         _emitter: emitter,
+        ttstamp,
         ...dtsgResult,
     };
     const defaultFuncs = utils.makeDefaults(html, userID, ctx);

package/src/engine/models/loginHelper.js

@@ -317,13 +317,18 @@ async function loginHelper(credentials, globalOptions, callback, setOptionsFunc,
 
         // Expose EventEmitter interface on the API so consumers can subscribe to
         // key lifecycle events: 'sessionExpired', 'checkpoint', 'relogin', 'ready'
-        const emitter = ctx._emitter;
-        if (emitter) {
-            api.on  = (event, listener) => emitter.on(event, listener);
-            api.once = (event, listener) => emitter.once(event, listener);
-            api.off  = (event, listener) => emitter.removeListener(event, listener);
-            api.emit = (event, ...args)  => emitter.emit(event, ...args);
-            api.removeAllListeners = (event) => emitter.removeAllListeners(event);
+        //
+        // IMPORTANT: Use ctx._emitter dynamically (not a captured snapshot).
+        // listenMqtt() replaces ctx._emitter with a fresh MessageEmitter on every
+        // call. Capturing the initial emitter here would orphan any listeners added
+        // via api.on() after listenMqtt() runs — they would never receive events
+        // because the emitter they registered on is no longer the active one.
+        if (ctx._emitter) {
+            api.on  = (event, listener) => ctx._emitter.on(event, listener);
+            api.once = (event, listener) => ctx._emitter.once(event, listener);
+            api.off  = (event, listener) => ctx._emitter.removeListener(event, listener);
+            api.emit = (event, ...args)  => ctx._emitter.emit(event, ...args);
+            api.removeAllListeners = (event) => ctx._emitter.removeAllListeners(event);
         }
 
         const { TokenRefreshManager } = require('../../utils/tokenRefresh');

package/src/utils/autoReLogin.js

@@ -121,9 +121,35 @@ class AutoReLoginManager {
                         }
                         
                         if (api) {
-                            api.ctx = newApi.ctx;
-                            api.defaultFuncs = newApi.defaultFuncs;
-                            
+                            // CRITICAL FIX: Update the live ctx object IN-PLACE instead of
+                            // replacing api.ctx. Every API method closure (sendMessage,
+                            // listenMqtt, etc.) captured the original ctx variable — replacing
+                            // the reference leaves all of them with stale tokens forever.
+                            // Updating in-place means all closures immediately see fresh values.
+                            const liveCtx = api.ctx;
+                            if (liveCtx && newApi.ctx) {
+                                const sessionFields = [
+                                    'fb_dtsg', 'jazoest', 'lsd', 'ttstamp',
+                                    'mqttEndpoint', 'lastSeqId', 'appID', 'clientID',
+                                    'userAppID', 'mqttAppID', 'userID', 'region',
+                                    'access_token'
+                                ];
+                                for (const field of sessionFields) {
+                                    if (newApi.ctx[field] !== undefined) {
+                                        liveCtx[field] = newApi.ctx[field];
+                                    }
+                                }
+                                // Reset flags that block MQTT reconnection after re-login
+                                liveCtx.loggedIn = true;
+                                liveCtx._ending = false;
+                                liveCtx._cycling = false;
+                                liveCtx._mqttReauthing = false;
+                            }
+
+                            // Do NOT replace api.defaultFuncs — the existing closures already
+                            // reference the live (now-updated) ctx, so they will pick up fresh
+                            // tokens without needing new function objects.
+
                             if (api.tokenRefreshManager) {
                                 api.tokenRefreshManager.resetFailureCount();
                             }
@@ -216,9 +242,10 @@ class AutoReLoginManager {
     updateAppState(appState) {
         if (!this.credentials) return;
         if (!Array.isArray(appState) || appState.length === 0) return;
-        if (!this.credentials.appState || Array.isArray(this.credentials.appState) || typeof this.credentials.appState === "string") {
-            this.credentials.appState = appState;
-        }
+        // Always overwrite with the freshest cookies — the old condition was too
+        // restrictive and silently skipped updates when credentials.appState was
+        // already a valid object, leaving stale cookies in re-login credentials.
+        this.credentials.appState = appState;
     }
 
     disable() {

package/src/utils/clients.js

@@ -49,22 +49,26 @@ function parseAndCheckLogin(ctx, http, retryCount = 0) {
 
       await delay(retryTime);
 
-      if (data.request.headers["content-type"].split(";")[0] === "multipart/form-data") {
+      // Guard against undefined Content-Type header before splitting
+      const contentType = (data.request.headers && data.request.headers["content-type"]) || "";
+      if (contentType.split(";")[0].trim() === "multipart/form-data") {
         const newData = await http.postFormData(
           url,
           ctx.jar,
           data.request.formData,
           data.request.qs,
-          ctx.globalOptions,
           ctx
         );
         return await parseAndCheckLogin(ctx, http, retryCount)(newData);
       } else {
+        // defaultFuncs.post signature: (url, jar, form, ctxx, customHeader)
+        // The 4th arg must be ctx (not ctx.globalOptions) — passing globalOptions
+        // here caused the retry to be treated as a raw network call without
+        // session context, missing auth headers and session inspection.
         const newData = await http.post(
           url,
           ctx.jar,
           data.request.form,
-          ctx.globalOptions,
           ctx
         );
         return await parseAndCheckLogin(ctx, http, retryCount)(newData);
@@ -261,9 +265,10 @@ function saveCookies(jar) {
 function getAccessFromBusiness(jar, Options) {
   return async function (res) {
     const html = res ? res.body : null;
-    const { get } = require("./request");
+    // Use the same axios wrapper used everywhere else — "request" module does not exist
+    const { get } = require("./axios");
     try {
-        const businessRes = await get("https://business.facebook.com/content_management", jar, null, Options, null, { noRef: true });
+        const businessRes = await get("https://business.facebook.com/content_management", jar, null, Options, { noRef: true });
         const token = /"accessToken":"([^.]+)","clientID":/g.exec(businessRes.body)[1];
         return [html, token];
     } catch (e) {

package/src/utils/formatters/data/formatAttachment.js

@@ -177,58 +177,72 @@ function _formatAttachment(attachment1, attachment2) {
                 attachment1: attachment1,
                 attachment2: attachment2
             };
-        case "MessageImage":
+        case "MessageImage": {
+            // Guard nested objects — Facebook occasionally returns MessageImage with
+            // missing preview/thumbnail/large_preview/original_dimensions objects,
+            // which causes a crash on property access (e.g. blob.preview.uri).
+            const imgThumb = blob.thumbnail || {};
+            const imgPrev = blob.preview || {};
+            const imgLarge = blob.large_preview || {};
+            const imgDims = blob.original_dimensions || {};
             return {
                 type: "photo",
                 ID: blob.legacy_attachment_id,
                 filename: blob.filename,
-                thumbnailUrl: blob.thumbnail.uri,
-                previewUrl: blob.preview.uri,
-                previewWidth: blob.preview.width,
-                previewHeight: blob.preview.height,
-                largePreviewUrl: blob.large_preview.uri,
-                largePreviewWidth: blob.large_preview.width,
-                largePreviewHeight: blob.large_preview.height,
-                url: blob.large_preview.uri,
-                width: blob.original_dimensions.x,
-                height: blob.original_dimensions.y,
+                thumbnailUrl: imgThumb.uri || null,
+                previewUrl: imgPrev.uri || null,
+                previewWidth: imgPrev.width || 0,
+                previewHeight: imgPrev.height || 0,
+                largePreviewUrl: imgLarge.uri || null,
+                largePreviewWidth: imgLarge.width || 0,
+                largePreviewHeight: imgLarge.height || 0,
+                url: imgLarge.uri || null,
+                width: imgDims.x || 0,
+                height: imgDims.y || 0,
                 name: blob.filename
             };
-        case "MessageAnimatedImage":
+        }
+        case "MessageAnimatedImage": {
+            const aniPrev = blob.preview_image || {};
+            const aniImg = blob.animated_image || {};
             return {
                 type: "animated_image",
                 ID: blob.legacy_attachment_id,
                 filename: blob.filename,
-                previewUrl: blob.preview_image.uri,
-                previewWidth: blob.preview_image.width,
-                previewHeight: blob.preview_image.height,
-                url: blob.animated_image.uri,
-                width: blob.animated_image.width,
-                height: blob.animated_image.height,
-                thumbnailUrl: blob.preview_image.uri,
+                previewUrl: aniPrev.uri || null,
+                previewWidth: aniPrev.width || 0,
+                previewHeight: aniPrev.height || 0,
+                url: aniImg.uri || null,
+                width: aniImg.width || 0,
+                height: aniImg.height || 0,
+                thumbnailUrl: aniPrev.uri || null,
                 name: blob.filename,
-                facebookUrl: blob.animated_image.uri,
-                rawGifImage: blob.animated_image.uri,
-                animatedGifUrl: blob.animated_image.uri,
-                animatedGifPreviewUrl: blob.preview_image.uri,
-                animatedWebpUrl: blob.animated_image.uri,
-                animatedWebpPreviewUrl: blob.preview_image.uri
+                facebookUrl: aniImg.uri || null,
+                rawGifImage: aniImg.uri || null,
+                animatedGifUrl: aniImg.uri || null,
+                animatedGifPreviewUrl: aniPrev.uri || null,
+                animatedWebpUrl: aniImg.uri || null,
+                animatedWebpPreviewUrl: aniPrev.uri || null
             };
-        case "MessageVideo":
+        }
+        case "MessageVideo": {
+            const vidImg = blob.large_image || {};
+            const vidDims = blob.original_dimensions || {};
             return {
                 type: "video",
                 filename: blob.filename,
                 ID: blob.legacy_attachment_id,
-                previewUrl: blob.large_image.uri,
-                previewWidth: blob.large_image.width,
-                previewHeight: blob.large_image.height,
-                url: blob.playable_url,
-                width: blob.original_dimensions.x,
-                height: blob.original_dimensions.y,
-                duration: blob.playable_duration_in_ms,
-                videoType: blob.video_type.toLowerCase(),
-                thumbnailUrl: blob.large_image.uri
+                previewUrl: vidImg.uri || null,
+                previewWidth: vidImg.width || 0,
+                previewHeight: vidImg.height || 0,
+                url: blob.playable_url || null,
+                width: vidDims.x || 0,
+                height: vidDims.y || 0,
+                duration: blob.playable_duration_in_ms || 0,
+                videoType: blob.video_type ? blob.video_type.toLowerCase() : "unknown",
+                thumbnailUrl: vidImg.uri || null
             };
+        }
         case "MessageFile":
             return {
                 type: "file",

package/src/utils/formatters/data/formatDelta.js

@@ -37,17 +37,24 @@ function formatDeltaMessage(m) {
         isReply: true
     } : null;
 
+    // Guard: actorFbId can be null on system/admin messages; threadKey can be
+    // missing on malformed deltas from Facebook — both crash with .toString().
+    const senderID = md.actorFbId != null ? formatID(md.actorFbId.toString()) : "0";
+    const threadKey = md.threadKey || {};
+    const threadRaw = threadKey.threadFbId || threadKey.otherUserFbId;
+    const threadID = threadRaw != null ? formatID(threadRaw.toString()) : "0";
+
     return {
         type: "message",
-        senderID: formatID(md.actorFbId.toString()),
+        senderID,
         body: m.delta.body || "",
-        threadID: formatID((md.threadKey.threadFbId || md.threadKey.otherUserFbId).toString()),
+        threadID,
         messageID: md.messageId,
         offlineThreadingId: md.offlineThreadingId,
         attachments: (m.delta.attachments || []).map(v => _formatAttachment(v)),
         mentions: mentions,
         timestamp: md.timestamp,
-        isGroup: !!md.threadKey.threadFbId,
+        isGroup: !!threadKey.threadFbId,
         participantIDs: m.delta.participants,
         messageReply: messageReply
     };
@@ -79,24 +86,35 @@ function formatDeltaEvent(m) {
             logMessageData = m;
     }
 
+    // Guard: messageMetadata or threadKey may be absent on some delta variants
+    const meta = m.messageMetadata || {};
+    const evtKey = meta.threadKey || {};
+    const evtThreadRaw = evtKey.threadFbId || evtKey.otherUserFbId;
+    const evtThreadID = evtThreadRaw != null ? formatID(evtThreadRaw.toString()) : "0";
+    const evtMessageID = meta.messageId != null ? meta.messageId.toString() : "";
+
     return {
         type: "event",
-        threadID: formatID((m.messageMetadata.threadKey.threadFbId || m.messageMetadata.threadKey.otherUserFbId).toString()),
-        messageID: m.messageMetadata.messageId.toString(),
+        threadID: evtThreadID,
+        messageID: evtMessageID,
         logMessageType,
         logMessageData,
-        logMessageBody: m.messageMetadata.adminText,
-        timestamp: m.messageMetadata.timestamp,
-        author: m.messageMetadata.actorFbId,
+        logMessageBody: meta.adminText,
+        timestamp: meta.timestamp,
+        author: meta.actorFbId,
         participantIDs: m.participants
     };
 }
 
 function formatDeltaReadReceipt(delta) {
+    // Guard: threadKey or its sub-fields may be missing in some receipt variants
+    const tk = delta.threadKey || {};
+    const reader = (tk.otherUserFbId || delta.actorFbId);
+    const threadRaw = tk.otherUserFbId || tk.threadFbId;
     return {
-        reader: (delta.threadKey.otherUserFbId || delta.actorFbId).toString(),
+        reader: reader != null ? reader.toString() : "0",
         time: delta.actionTimestampMs,
-        threadID: formatID((delta.threadKey.otherUserFbId || delta.threadKey.threadFbId).toString()),
+        threadID: threadRaw != null ? formatID(threadRaw.toString()) : "0",
         type: "read_receipt"
     };
 }