@lazyneoaz/metachat 1.0.6 → 1.0.7

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lazyneoaz/metachat",
-  "version": "1.0.6",
+  "version": "1.0.7",
   "type": "commonjs",
   "types": "src/types/index.d.ts",
   "description": "Advanced Facebook Chat API client for building Messenger bots — real-time messaging, thread management, MQTT, and session stability.",

package/src/apis/listenMqtt.js

@@ -688,23 +688,15 @@ module.exports = (defaultFuncs, api, ctx, opts) => {
                 timestamp: Date.now()
             }, null);
         }
+        // handleSessionExpiry owns the listenMqtt restart after re-login —
+        // it captures wasListening from the OLD ctx before calling loginHelper,
+        // so it is the only place that reliably knows whether listening was active.
+        // DO NOT restart listenMqtt here; doing so races with handleSessionExpiry
+        // and creates two simultaneous MQTT connections.
         try {
             if (globalAutoReLoginManager && globalAutoReLoginManager.isEnabled && globalAutoReLoginManager.isEnabled()) {
-                globalAutoReLoginManager.handleSessionExpiry(api, 'https://www.facebook.com', "Session expired").then((ok) => {
-                    if (ok && ctx._listeningActive && typeof api.listenMqtt === 'function') {
-                        try {
-                            if (typeof api.stopListening === 'function') {
-                                try { api.stopListening(); } catch (_) {}
-                            }
-                            const cb = ctx._lastListenCallback || null;
-                            if (cb) {
-                                api.listenMqtt(cb);
-                            } else {
-                                api.listenMqtt();
-                            }
-                        } catch (_) {}
-                    }
-                }).catch(() => {});
+                globalAutoReLoginManager.handleSessionExpiry(api, 'https://www.facebook.com', "Session expired")
+                    .catch(() => {});
             }
         } catch (_) {}
     }
@@ -1020,9 +1012,14 @@ module.exports = (defaultFuncs, api, ctx, opts) => {
                     'account_inactive', 'checkpoint_282', 'checkpoint_956', 'error'
                 ];
                 for (const event of LIFECYCLE_EVENTS) {
-                    const listeners = prevEmitter.rawListeners ? prevEmitter.rawListeners(event) : [];
-                    for (const listener of listeners) {
-                        msgEmitter.on(event, listener);
+                    // Use listeners() NOT rawListeners() — rawListeners() returns the
+                    // internal once-wrapper functions. When re-registered with .on()
+                    // those wrappers fire the handler once then remove themselves from
+                    // the OLD emitter, but stay on the NEW emitter forever, causing a
+                    // memory leak and never-again-firing once handlers.
+                    const fns = prevEmitter.listeners ? prevEmitter.listeners(event) : [];
+                    for (const fn of fns) {
+                        msgEmitter.on(event, fn);
                     }
                 }
             } catch (_) {}

package/src/apis/refreshFb_dtsg.js

@@ -60,7 +60,13 @@ module.exports = function (defaultFuncs, api, ctx) {
 
           if (!fb_dtsg) throw new Error("Could not find fb_dtsg in HTML. Session may have expired.");
 
-          const updated = { fb_dtsg };
+          // Recalculate ttstamp whenever fb_dtsg changes — ttstamp = "2" followed
+          // by the concatenation of each character's char code (NOT their sum).
+          // Leaving ttstamp stale after a token refresh causes request signature
+          // mismatches that Facebook detects as bot-like behaviour.
+          const ttstamp = "2" + Array.from(fb_dtsg).map(c => c.charCodeAt(0)).join("");
+
+          const updated = { fb_dtsg, ttstamp };
           if (jazoest) updated.jazoest = jazoest;
 
           Object.assign(ctx, updated);

package/src/apis/sendMessage.js

@@ -300,32 +300,44 @@ module.exports = (defaultFuncs, api, ctx) => {
       }
 
       try {
-        let result;
         const mqttReady = ctx.mqttClient && ctx.mqttClient.connected;
         const isMultiRecipient = Array.isArray(threadID);
+        // Track which transport was used so the catch block can fall back to
+        // the OTHER transport — retrying the same one that just failed is useless.
+        const usedMqtt = mqttReady && !isMultiRecipient && api.sendMessageMqtt;
 
-        if (mqttReady && !isMultiRecipient && api.sendMessageMqtt) {
+        let result;
+        if (usedMqtt) {
           result = await api.sendMessageMqtt(msg, threadID, replyToMessage);
         } else {
           result = await sendViaHttp(msg, threadID, replyToMessage, isGroup);
         }
         callback(null, result);
       } catch (sendErr) {
-        const mqttReady = ctx.mqttClient && ctx.mqttClient.connected;
-        if (mqttReady && !Array.isArray(threadID) && api.sendMessageMqtt) {
-          try {
-            const mqttRes = await api.sendMessageMqtt(msg, threadID, replyToMessage);
-            callback(null, mqttRes);
-          } catch (_mqttErr) {
-            callback(sendErr);
-          }
-        } else {
+        // Fall back to the OTHER transport, not the one that just failed.
+        const mqttNowReady = ctx.mqttClient && ctx.mqttClient.connected;
+        const primaryWasMqtt = mqttNowReady && !Array.isArray(threadID) && api.sendMessageMqtt;
+
+        if (primaryWasMqtt) {
+          // MQTT was used (or is available) — fall back to HTTP
           try {
             const httpRes = await sendViaHttp(msg, threadID, replyToMessage, isGroup);
             callback(null, httpRes);
           } catch (_httpErr) {
             callback(sendErr);
           }
+        } else {
+          // HTTP was used — try MQTT if it has since become available
+          if (mqttNowReady && !Array.isArray(threadID) && api.sendMessageMqtt) {
+            try {
+              const mqttRes = await api.sendMessageMqtt(msg, threadID, replyToMessage);
+              callback(null, mqttRes);
+            } catch (_mqttErr) {
+              callback(sendErr);
+            }
+          } else {
+            callback(sendErr);
+          }
         }
       } finally {
         if (typingTimeout) clearTimeout(typingTimeout);

package/src/utils/antiSuspension.js

@@ -205,6 +205,14 @@ class AntiSuspension {
     detectSuspensionSignal(text) {
         if (!text || typeof text !== 'string') return false;
         const lower = text.toLowerCase();
+
+        // Session expiry is NOT a suspension event — never trip the circuit
+        // breaker for it. A false positive here blocks all sends AND re-login
+        // attempts for up to 45 minutes, turning a normal logout into a
+        // permanent lockout until the cooldown expires.
+        const isSessionExpiry = SESSION_EXPIRY_SIGNALS.some(signal => lower.includes(signal));
+        if (isSessionExpiry) return false;
+
         const found = SUSPENSION_SIGNALS.some(signal => lower.includes(signal));
         if (found) {
             this._onSuspensionSignalDetected();
@@ -240,11 +248,14 @@ class AntiSuspension {
     isCircuitBreakerTripped() {
         const cb = this.suspensionCircuitBreaker;
         if (!cb.tripped) return false;
+        // Use per-trip override duration if set, otherwise fall back to default.
+        const activeCooldown = cb.overrideCooldownMs || cb.cooldownMs;
         const elapsed = Date.now() - cb.trippedAt;
-        if (elapsed >= cb.cooldownMs) {
+        if (elapsed >= activeCooldown) {
             cb.tripped = false;
             cb.signalCount = 0;
             cb.trippedAt = null;
+            cb.overrideCooldownMs = null;
             return false;
         }
         return true;
@@ -253,25 +264,31 @@ class AntiSuspension {
     getCircuitBreakerRemainingMs() {
         const cb = this.suspensionCircuitBreaker;
         if (!cb.tripped) return 0;
-        return Math.max(0, cb.cooldownMs - (Date.now() - cb.trippedAt));
+        const activeCooldown = cb.overrideCooldownMs || cb.cooldownMs;
+        return Math.max(0, activeCooldown - (Date.now() - cb.trippedAt));
     }
 
     tripCircuitBreaker(reason, durationMs) {
         const cb = this.suspensionCircuitBreaker;
         cb.tripped = true;
         cb.trippedAt = Date.now();
-        if (durationMs) cb.cooldownMs = durationMs;
+        // Store custom duration as a per-trip override so the DEFAULT cooldownMs
+        // is never permanently mutated — future organic-signal trips will still
+        // use the original 45-minute default.
+        cb.overrideCooldownMs = durationMs || null;
         cb.signalCount = cb.maxSignalsBeforeTrip;
+        const activeCooldown = durationMs || cb.cooldownMs;
         const { utils } = this._getUtils();
         utils && utils.warn && utils.warn("AntiSuspension",
             `Circuit breaker manually tripped: ${reason || 'manual'}. ` +
-            `Cooldown: ${(cb.cooldownMs / 60000).toFixed(1)} min`);
+            `Cooldown: ${(activeCooldown / 60000).toFixed(1)} min`);
     }
 
     resetCircuitBreaker() {
         this.suspensionCircuitBreaker.tripped = false;
         this.suspensionCircuitBreaker.signalCount = 0;
         this.suspensionCircuitBreaker.trippedAt = null;
+        this.suspensionCircuitBreaker.overrideCooldownMs = null;
     }
 
     async simulateTyping(threadID, messageLength = 50) {

package/src/utils/autoReLogin.js

@@ -110,6 +110,13 @@ class AutoReLoginManager {
 
             const fbLinkFunc = typeof fbLink === 'function' ? fbLink : () => fbLink;
 
+            // Capture the listening state from the CURRENT ctx BEFORE loginHelper
+            // replaces api.ctx with a fresh context object. By the time the login
+            // callback fires, api.ctx already points to the new ctx, so checking
+            // api.ctx._listeningActive in the callback would always be undefined.
+            const wasListening = !!(api && api.ctx && api.ctx._listeningActive);
+            const savedListenCallback = (api && api.ctx && api.ctx._lastListenCallback) || null;
+
             await new Promise((resolve, reject) => {
                 loginHelperModel(
                     this.credentials,
@@ -121,35 +128,17 @@ class AutoReLoginManager {
                         }
                         
                         if (api) {
-                            // CRITICAL FIX: Update the live ctx object IN-PLACE instead of
-                            // replacing api.ctx. Every API method closure (sendMessage,
-                            // listenMqtt, etc.) captured the original ctx variable — replacing
-                            // the reference leaves all of them with stale tokens forever.
-                            // Updating in-place means all closures immediately see fresh values.
-                            const liveCtx = api.ctx;
-                            if (liveCtx && newApi.ctx) {
-                                const sessionFields = [
-                                    'fb_dtsg', 'jazoest', 'lsd', 'ttstamp',
-                                    'mqttEndpoint', 'lastSeqId', 'appID', 'clientID',
-                                    'userAppID', 'mqttAppID', 'userID', 'region',
-                                    'access_token'
-                                ];
-                                for (const field of sessionFields) {
-                                    if (newApi.ctx[field] !== undefined) {
-                                        liveCtx[field] = newApi.ctx[field];
-                                    }
-                                }
-                                // Reset flags that block MQTT reconnection after re-login
-                                liveCtx.loggedIn = true;
-                                liveCtx._ending = false;
-                                liveCtx._cycling = false;
-                                liveCtx._mqttReauthing = false;
+                            // loginHelper calls loadApiModules() which recreates all API
+                            // method closures on the new ctx, so subsequent calls automatically
+                            // use fresh tokens. Also reset flags on the new ctx so MQTT can
+                            // reconnect cleanly.
+                            if (api.ctx) {
+                                api.ctx.loggedIn = true;
+                                api.ctx._ending = false;
+                                api.ctx._cycling = false;
+                                api.ctx._mqttReauthing = false;
                             }
 
-                            // Do NOT replace api.defaultFuncs — the existing closures already
-                            // reference the live (now-updated) ctx, so they will pick up fresh
-                            // tokens without needing new function objects.
-
                             if (api.tokenRefreshManager) {
                                 api.tokenRefreshManager.resetFailureCount();
                             }
@@ -175,15 +164,17 @@ class AutoReLoginManager {
                 this.onReLoginSuccess();
             }
 
+            // Restart MQTT listening if it was active before re-login.
+            // wasListening was captured from the OLD ctx before loginHelper replaced
+            // api.ctx — this is the only reliable way to know if listening was on.
             try {
-                if (api && api.listenMqtt && api.ctx && api.ctx._listeningActive) {
+                if (wasListening && api && api.listenMqtt) {
                     try {
                         if (typeof api.stopListening === 'function') {
                             try { api.stopListening(); } catch (_) {}
                         }
-                        const cb = api.ctx._lastListenCallback || null;
-                        if (cb) {
-                            api.listenMqtt(cb);
+                        if (savedListenCallback) {
+                            api.listenMqtt(savedListenCallback);
                         } else {
                             api.listenMqtt();
                         }