npm - @omnizap-system/omnizap - Versions diffs - 2.5.12 - Mend

@omnizap-system/omnizap 2.5.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (425) hide show

package/.clusterfuzzlite/Dockerfile +10 -0
package/.env.example +907 -0
package/.github/codeql/codeql-config.yml +10 -0
package/.github/dependabot.yml +35 -0
package/.github/workflows/ci.yml +73 -0
package/.github/workflows/codeql.yml +106 -0
package/.github/workflows/db-migration-check.yml +98 -0
package/.github/workflows/dependency-review.yml +22 -0
package/.github/workflows/deploy.yml +95 -0
package/.github/workflows/release.yml +106 -0
package/.github/workflows/security-attest-provenance.yml +51 -0
package/.github/workflows/security-gitleaks.yml +34 -0
package/.github/workflows/security-runner-hardening.yml +31 -0
package/.github/workflows/security-scorecard.yml +44 -0
package/.github/workflows/security-zap-baseline.yml +44 -0
package/.github/workflows/security-zap-full-scan.yml +43 -0
package/.github/workflows/security-zizmor.yml +36 -0
package/.github/workflows/wiki-sync.yml +44 -0
package/.gitleaks.toml +15 -0
package/.prettierrc +34 -0
package/CODE_OF_CONDUCT.md +114 -0
package/LICENSE +56 -0
package/README.md +110 -0
package/SECURITY.md +110 -0
package/app/config/index.js +4 -0
package/app/configParts/adminIdentity.js +92 -0
package/app/configParts/baileysConfig.js +1818 -0
package/app/configParts/groupUtils.js +692 -0
package/app/configParts/loggerConfig.js +394 -0
package/app/configParts/messagePersistenceService.js +305 -0
package/app/connection/baileysCompatibility.test.js +40 -0
package/app/connection/baileysDbAuthState.js +344 -0
package/app/connection/socketController.js +2243 -0
package/app/controllers/messageController.js +7 -0
package/app/controllers/messagePipeline/commandMiddleware.js +146 -0
package/app/controllers/messagePipeline/conversationMiddleware.js +183 -0
package/app/controllers/messagePipeline/messagePipelineMiddlewares.test.js +522 -0
package/app/controllers/messagePipeline/postProcessingMiddleware.js +41 -0
package/app/controllers/messagePipeline/preProcessingMiddlewares.js +166 -0
package/app/controllers/messageProcessingPipeline.js +699 -0
package/app/modules/adminModule/AGENT.md +4056 -0
package/app/modules/adminModule/adminAiHelpService.js +56 -0
package/app/modules/adminModule/adminConfigRuntime.js +177 -0
package/app/modules/adminModule/commandConfig.json +7122 -0
package/app/modules/adminModule/groupCommandHandlers.js +1823 -0
package/app/modules/adminModule/groupCommandHandlers.test.js +350 -0
package/app/modules/adminModule/groupEventHandlers.js +399 -0
package/app/modules/aiModule/AGENT.md +547 -0
package/app/modules/aiModule/aiAiHelpService.js +14 -0
package/app/modules/aiModule/aiConfigRuntime.js +135 -0
package/app/modules/aiModule/catCommand.js +967 -0
package/app/modules/aiModule/commandConfig.json +981 -0
package/app/modules/analyticsModule/messageAnalysisEventRepository.js +83 -0
package/app/modules/gameModule/AGENT.md +196 -0
package/app/modules/gameModule/commandConfig.json +366 -0
package/app/modules/gameModule/diceCommand.js +42 -0
package/app/modules/gameModule/gameAiHelpService.js +14 -0
package/app/modules/gameModule/gameConfigRuntime.js +68 -0
package/app/modules/menuModule/AGENT.md +205 -0
package/app/modules/menuModule/commandConfig.json +366 -0
package/app/modules/menuModule/common.js +316 -0
package/app/modules/menuModule/menuAiHelpService.js +14 -0
package/app/modules/menuModule/menuConfigRuntime.js +68 -0
package/app/modules/menuModule/menus.js +66 -0
package/app/modules/playModule/AGENT.md +321 -0
package/app/modules/playModule/commandConfig.json +584 -0
package/app/modules/playModule/playAiHelpService.js +14 -0
package/app/modules/playModule/playCommand.js +1417 -0
package/app/modules/playModule/playConfigRuntime.js +68 -0
package/app/modules/quoteModule/AGENT.md +199 -0
package/app/modules/quoteModule/commandConfig.json +366 -0
package/app/modules/quoteModule/quoteAiHelpService.js +14 -0
package/app/modules/quoteModule/quoteCommand.js +842 -0
package/app/modules/quoteModule/quoteConfigRuntime.js +68 -0
package/app/modules/rpgPokemonModule/AGENT.md +229 -0
package/app/modules/rpgPokemonModule/commandConfig.json +386 -0
package/app/modules/rpgPokemonModule/rpgBattleCanvasRenderer.js +795 -0
package/app/modules/rpgPokemonModule/rpgBattleService.js +2110 -0
package/app/modules/rpgPokemonModule/rpgBattleService.test.js +770 -0
package/app/modules/rpgPokemonModule/rpgEvolutionUtils.js +22 -0
package/app/modules/rpgPokemonModule/rpgPokemonAiHelpService.js +14 -0
package/app/modules/rpgPokemonModule/rpgPokemonCommand.js +174 -0
package/app/modules/rpgPokemonModule/rpgPokemonConfigRuntime.js +68 -0
package/app/modules/rpgPokemonModule/rpgPokemonDomain.js +192 -0
package/app/modules/rpgPokemonModule/rpgPokemonDomain.test.js +93 -0
package/app/modules/rpgPokemonModule/rpgPokemonEvolution.test.js +46 -0
package/app/modules/rpgPokemonModule/rpgPokemonMessages.js +746 -0
package/app/modules/rpgPokemonModule/rpgPokemonRepository.js +1847 -0
package/app/modules/rpgPokemonModule/rpgPokemonService.js +6839 -0
package/app/modules/rpgPokemonModule/rpgProfileCanvasRenderer.js +354 -0
package/app/modules/statsModule/AGENT.md +320 -0
package/app/modules/statsModule/commandConfig.json +540 -0
package/app/modules/statsModule/globalRankingCommand.js +64 -0
package/app/modules/statsModule/rankingCommand.js +41 -0
package/app/modules/statsModule/rankingCommon.js +1305 -0
package/app/modules/statsModule/statsAiHelpService.js +14 -0
package/app/modules/statsModule/statsConfigRuntime.js +68 -0
package/app/modules/stickerModule/AGENT.md +692 -0
package/app/modules/stickerModule/addStickerMetadata.js +239 -0
package/app/modules/stickerModule/commandConfig.json +1216 -0
package/app/modules/stickerModule/convertToWebp.js +367 -0
package/app/modules/stickerModule/stickerAiHelpService.js +14 -0
package/app/modules/stickerModule/stickerCommand.js +446 -0
package/app/modules/stickerModule/stickerConfigRuntime.js +68 -0
package/app/modules/stickerModule/stickerConvertCommand.js +159 -0
package/app/modules/stickerModule/stickerTextCommand.js +653 -0
package/app/modules/stickerPackModule/AGENT.md +215 -0
package/app/modules/stickerPackModule/autoPackCollectorRuntime.js +20 -0
package/app/modules/stickerPackModule/autoPackCollectorService.js +357 -0
package/app/modules/stickerPackModule/commandConfig.json +387 -0
package/app/modules/stickerPackModule/domainEventOutboxRepository.js +227 -0
package/app/modules/stickerPackModule/domainEvents.js +52 -0
package/app/modules/stickerPackModule/semanticReclassificationEngine.js +429 -0
package/app/modules/stickerPackModule/semanticReclassificationEngine.test.js +75 -0
package/app/modules/stickerPackModule/semanticThemeClusterService.js +544 -0
package/app/modules/stickerPackModule/stickerAssetClassificationRepository.js +400 -0
package/app/modules/stickerPackModule/stickerAssetRepository.js +400 -0
package/app/modules/stickerPackModule/stickerAssetReprocessQueueRepository.js +175 -0
package/app/modules/stickerPackModule/stickerAutoPackByTagsRuntime.js +3702 -0
package/app/modules/stickerPackModule/stickerClassificationBackgroundRuntime.js +559 -0
package/app/modules/stickerPackModule/stickerClassificationService.js +557 -0
package/app/modules/stickerPackModule/stickerDedicatedTaskWorkerRuntime.js +249 -0
package/app/modules/stickerPackModule/stickerDomainEventBus.js +65 -0
package/app/modules/stickerPackModule/stickerDomainEventConsumerRuntime.js +208 -0
package/app/modules/stickerPackModule/stickerMarketplaceDriftService.js +99 -0
package/app/modules/stickerPackModule/stickerObjectStorageService.js +285 -0
package/app/modules/stickerPackModule/stickerPackAiHelpService.js +14 -0
package/app/modules/stickerPackModule/stickerPackCommandHandlers.js +1148 -0
package/app/modules/stickerPackModule/stickerPackConfigRuntime.js +68 -0
package/app/modules/stickerPackModule/stickerPackEngagementRepository.js +152 -0
package/app/modules/stickerPackModule/stickerPackErrors.js +30 -0
package/app/modules/stickerPackModule/stickerPackInteractionEventRepository.js +101 -0
package/app/modules/stickerPackModule/stickerPackItemRepository.js +432 -0
package/app/modules/stickerPackModule/stickerPackMarketplaceService.js +313 -0
package/app/modules/stickerPackModule/stickerPackMessageService.js +268 -0
package/app/modules/stickerPackModule/stickerPackRepository.js +450 -0
package/app/modules/stickerPackModule/stickerPackScoreSnapshotRepository.js +179 -0
package/app/modules/stickerPackModule/stickerPackScoreSnapshotRuntime.js +271 -0
package/app/modules/stickerPackModule/stickerPackService.js +733 -0
package/app/modules/stickerPackModule/stickerPackServiceRuntime.js +32 -0
package/app/modules/stickerPackModule/stickerPackUtils.js +107 -0
package/app/modules/stickerPackModule/stickerStorageService.js +559 -0
package/app/modules/stickerPackModule/stickerWorkerPipelineRuntime.js +242 -0
package/app/modules/stickerPackModule/stickerWorkerTaskQueueRepository.js +242 -0
package/app/modules/systemMetricsModule/AGENT.md +193 -0
package/app/modules/systemMetricsModule/commandConfig.json +344 -0
package/app/modules/systemMetricsModule/pingCommand.js +399 -0
package/app/modules/systemMetricsModule/systemMetricsAiHelpService.js +14 -0
package/app/modules/systemMetricsModule/systemMetricsConfigRuntime.js +68 -0
package/app/modules/tiktokModule/AGENT.md +196 -0
package/app/modules/tiktokModule/commandConfig.json +366 -0
package/app/modules/tiktokModule/tiktokAiHelpService.js +14 -0
package/app/modules/tiktokModule/tiktokCommand.js +716 -0
package/app/modules/tiktokModule/tiktokConfigRuntime.js +68 -0
package/app/modules/userModule/AGENT.md +200 -0
package/app/modules/userModule/commandConfig.json +386 -0
package/app/modules/userModule/userAiHelpService.js +14 -0
package/app/modules/userModule/userCommand.js +1155 -0
package/app/modules/userModule/userConfigRuntime.js +68 -0
package/app/modules/waifuPicsModule/AGENT.md +431 -0
package/app/modules/waifuPicsModule/commandConfig.json +780 -0
package/app/modules/waifuPicsModule/waifuPicsAiHelpService.js +14 -0
package/app/modules/waifuPicsModule/waifuPicsCommand.js +586 -0
package/app/modules/waifuPicsModule/waifuPicsConfigRuntime.js +68 -0
package/app/observability/metrics.js +766 -0
package/app/services/ai/aiHelpResponseCacheRepository.js +280 -0
package/app/services/ai/aiLearningRepository.js +400 -0
package/app/services/ai/commandConfigEnrichmentRepository.js +769 -0
package/app/services/ai/commandConfigEnrichmentService.js +452 -0
package/app/services/ai/commandConfigValidationService.js +443 -0
package/app/services/ai/commandToolBuilderService.js +192 -0
package/app/services/ai/conversationRouterService.js +516 -0
package/app/services/ai/geminiService.js +115 -0
package/app/services/ai/geminiService.test.js +87 -0
package/app/services/ai/globalModuleAiHelpService.js +1412 -0
package/app/services/ai/globalToolCallingService.js +203 -0
package/app/services/ai/messageCommandExecutionService.js +391 -0
package/app/services/ai/moduleAiHelpCoreService.js +1099 -0
package/app/services/ai/moduleAiHelpWrapperFactory.js +65 -0
package/app/services/ai/moduleCommandConfigRuntimeService.js +113 -0
package/app/services/ai/moduleToolExecutorService.js +464 -0
package/app/services/ai/moduleToolRegistryService.js +178 -0
package/app/services/ai/toolCandidateSelectorService.js +781 -0
package/app/services/auth/googleWebLinkService.js +80 -0
package/app/services/auth/whatsappLoginLinkService.js +230 -0
package/app/services/external/pokeApiService.js +398 -0
package/app/services/group/groupMetadataService.js +311 -0
package/app/services/infra/dbWriteQueue.js +874 -0
package/app/services/infra/featureFlagService.js +131 -0
package/app/services/infra/queueUtils.js +55 -0
package/app/services/messaging/captchaService.js +491 -0
package/app/services/messaging/messagePersistenceService.js +1 -0
package/app/services/messaging/newsBroadcastService.js +347 -0
package/app/services/sticker/stickerFocusService.js +347 -0
package/app/services/sticker/stickerFocusService.test.js +43 -0
package/app/store/aiPromptStore.js +38 -0
package/app/store/conversationSessionStore.js +131 -0
package/app/store/groupConfigStore.js +58 -0
package/app/store/premiumUserStore.js +54 -0
package/app/utils/antiLink/antiLinkModule.js +700 -0
package/app/utils/http/getImageBufferModule.js +18 -0
package/app/utils/json/jsonSanitizer.js +113 -0
package/app/utils/json/jsonSanitizer.test.js +40 -0
package/app/utils/systemMetrics/systemMetricsModule.js +88 -0
package/app/workers/aiLearningWorker.js +605 -0
package/app/workers/commandConfigEnrichmentWorker.js +242 -0
package/database/index.js +2075 -0
package/database/init.js +151 -0
package/database/migrations/.gitkeep +0 -0
package/database/migrations/20260307_d0_hardening_down.sql +64 -0
package/database/migrations/20260307_d0_hardening_up.sql +79 -0
package/database/migrations/20260307_d1_terms_acceptance_down.sql +11 -0
package/database/migrations/20260307_d1_terms_acceptance_up.sql +37 -0
package/database/migrations/20260307_d2_auth_hardening_down.sql +75 -0
package/database/migrations/20260307_d2_auth_hardening_up.sql +100 -0
package/database/migrations/20260314_d7_canonical_sender_down.sql +53 -0
package/database/migrations/20260314_d7_canonical_sender_up.sql +114 -0
package/database/migrations/20260406_d30_security_analytics_down.sql +95 -0
package/database/migrations/20260406_d30_security_analytics_up.sql +292 -0
package/database/migrations/20260407_d31_web_google_session_token_hardening_down.sql +2 -0
package/database/migrations/20260407_d31_web_google_session_token_hardening_up.sql +17 -0
package/database/migrations/20260408_d32_ai_help_response_cache_down.sql +1 -0
package/database/migrations/20260408_d32_ai_help_response_cache_up.sql +22 -0
package/database/migrations/20260409_d33_ai_learning_tables_down.sql +4 -0
package/database/migrations/20260409_d33_ai_learning_tables_up.sql +52 -0
package/database/migrations/20260410_d34_command_config_enrichment_down.sql +3 -0
package/database/migrations/20260410_d34_command_config_enrichment_up.sql +48 -0
package/database/schema.sql +1186 -0
package/docker-compose.yml +104 -0
package/docs/audits/stickerCatalogController-out-of-scope.md +103 -0
package/docs/audits/stickerCatalogController-symbols.md +58 -0
package/docs/compliance/acceptable-use-policy-2026-03-07.md +35 -0
package/docs/compliance/dpa-b2b-standard-2026-03-07.md +80 -0
package/docs/compliance/monthly-compliance-checklist-2026-03-07.md +88 -0
package/docs/compliance/notice-and-takedown-policy-2026-03-07.md +34 -0
package/docs/compliance/privacy-policy-2026-03-07.md +75 -0
package/docs/compliance/subprocessors-inventory-2026-03-07.md +16 -0
package/docs/database/production-db-evolution-runbook-2026q1.md +365 -0
package/docs/security/dsar-lgpd-runbook-2026-03-07.md +86 -0
package/docs/security/incident-response-lgpd-anpd-runbook-2026-03-07.md +77 -0
package/docs/security/network-hardening-runbook-2026-03-07.md +137 -0
package/docs/seo/omnizap-seo-playbook-br-2026-02-28.md +238 -0
package/docs/seo/satellite-page-template.md +116 -0
package/docs/seo/satellite-pages-phase1.json +364 -0
package/docs/wiki/Home.md +120 -0
package/docs/wiki/pair-extraordinaire-2026-03-08.md +3 -0
package/docs/wiki/recent-changes-2026-03-08.md +47 -0
package/ecosystem.prod.config.cjs +135 -0
package/eslint.config.js +89 -0
package/index.js +488 -0
package/ml/clip_classifier/Dockerfile +18 -0
package/ml/clip_classifier/README.md +118 -0
package/ml/clip_classifier/adaptive_scoring.py +40 -0
package/ml/clip_classifier/classifier.py +654 -0
package/ml/clip_classifier/embedding_store.py +481 -0
package/ml/clip_classifier/env_loader.py +15 -0
package/ml/clip_classifier/llm_label_expander.py +144 -0
package/ml/clip_classifier/main.py +213 -0
package/ml/clip_classifier/requirements.txt +10 -0
package/ml/clip_classifier/similarity_engine.py +74 -0
package/new-logo.png +0 -0
package/observability/alert-rules.yml +60 -0
package/observability/grafana/dashboards/omnizap-mysql.json +136 -0
package/observability/grafana/dashboards/omnizap-overview.json +170 -0
package/observability/grafana/provisioning/dashboards/dashboards.yml +11 -0
package/observability/grafana/provisioning/datasources/datasources.yml +15 -0
package/observability/loki-config.yml +38 -0
package/observability/mysql-setup.sql +46 -0
package/observability/prometheus.yml +35 -0
package/observability/promtail-config.yml +84 -0
package/observability/sticker-catalog-slo.md +83 -0
package/observability/sticker-scale-hardening-rollout.md +128 -0
package/package.json +144 -0
package/public/apple-touch-icon.png +0 -0
package/public/assets/css/commands-react.input.css +71 -0
package/public/assets/css/create-pack-react.input.css +31 -0
package/public/assets/css/home-react.input.css +106 -0
package/public/assets/css/login-react.input.css +58 -0
package/public/assets/css/stickers-react.input.css +18 -0
package/public/assets/css/terms-react.input.css +115 -0
package/public/assets/css/user-react.input.css +57 -0
package/public/assets/images/brand-icon-192.png +0 -0
package/public/assets/images/brand-logo-128.webp +0 -0
package/public/assets/images/hero-banner-1280.jpg +0 -0
package/public/comandos/commands-catalog.json +4517 -0
package/public/css/api-docs.css +161 -0
package/public/css/stickers-admin.css +1288 -0
package/public/css/styles.css +679 -0
package/public/css/systemadm/admin.css +474 -0
package/public/css/systemadm/base.css +73 -0
package/public/css/systemadm/components.css +662 -0
package/public/css/systemadm/layout.css +229 -0
package/public/css/systemadm/tokens.css +56 -0
package/public/favicon-16x16.png +0 -0
package/public/favicon-32x32.png +0 -0
package/public/favicon.ico +0 -0
package/public/js/apps/apiDocsApp.js +235 -0
package/public/js/apps/commandsReactApp.js +528 -0
package/public/js/apps/createPackApp.js +1646 -0
package/public/js/apps/homeReactApp.js +942 -0
package/public/js/apps/loginReactApp.js +496 -0
package/public/js/apps/stickersAdminApp.js +1753 -0
package/public/js/apps/stickersApp.js +3797 -0
package/public/js/apps/termsReactApp.js +528 -0
package/public/js/apps/userApp.js +2540 -0
package/public/js/apps/userProfile/actions.js +66 -0
package/public/js/apps/userReactApp.js +547 -0
package/public/js/catalog.js +950 -0
package/public/pages/api-docs.html +40 -0
package/public/pages/aup.html +158 -0
package/public/pages/comandos.html +41 -0
package/public/pages/dpa.html +227 -0
package/public/pages/home.html +45 -0
package/public/pages/licenca.html +182 -0
package/public/pages/login.html +40 -0
package/public/pages/notice-and-takedown.html +234 -0
package/public/pages/politica-de-privacidade.html +251 -0
package/public/pages/seo-bot-whatsapp-para-grupo.html +350 -0
package/public/pages/seo-bot-whatsapp-sem-programar.html +350 -0
package/public/pages/seo-como-automatizar-avisos-no-whatsapp.html +350 -0
package/public/pages/seo-como-criar-comandos-whatsapp.html +350 -0
package/public/pages/seo-como-evitar-spam-no-whatsapp.html +350 -0
package/public/pages/seo-como-moderar-grupo-whatsapp.html +350 -0
package/public/pages/seo-como-organizar-comunidade-whatsapp.html +350 -0
package/public/pages/seo-melhor-bot-whatsapp-para-grupos.html +350 -0
package/public/pages/stickers-admin.html +31 -0
package/public/pages/stickers-create.html +41 -0
package/public/pages/stickers.html +45 -0
package/public/pages/suboperadores.html +237 -0
package/public/pages/termos-de-uso-texto-integral.html +241 -0
package/public/pages/termos-de-uso.html +41 -0
package/public/pages/user-password-reset.html +32 -0
package/public/pages/user-systemadm.html +508 -0
package/public/pages/user.html +39 -0
package/public/robots.txt +9 -0
package/public/site.webmanifest +24 -0
package/public/sitemap.xml +98 -0
package/schemas/command-config.schema.json +582 -0
package/scripts/baileys-compat-smoke.mjs +12 -0
package/scripts/cache-bust.mjs +142 -0
package/scripts/deploy.sh +916 -0
package/scripts/email-broadcast-terms-update.mjs +170 -0
package/scripts/enrich-command-discovery-fields.mjs +286 -0
package/scripts/generate-command-config-schema.mjs +273 -0
package/scripts/generate-commands-catalog.mjs +308 -0
package/scripts/generate-module-agents.mjs +631 -0
package/scripts/generate-seo-satellite-pages.mjs +400 -0
package/scripts/github-deploy-notify.mjs +174 -0
package/scripts/github-release-notify.mjs +219 -0
package/scripts/release.sh +599 -0
package/scripts/run-codeql-local.sh +116 -0
package/scripts/run-prettier-all.mjs +25 -0
package/scripts/security-smoketest.mjs +581 -0
package/scripts/sticker-catalog-loadtest.mjs +210 -0
package/scripts/sticker-worker-task.mjs +119 -0
package/scripts/sync-readme-snapshot.mjs +133 -0
package/scripts/validate-command-config-schema.mjs +130 -0
package/scripts/validate-command-configs.mjs +15 -0
package/scripts/wiki-sync.sh +191 -0
package/server/auth/googleWebAuth/googleWebAuthRuntime.js +62 -0
package/server/auth/googleWebAuth/googleWebAuthService.js +807 -0
package/server/auth/jwt/webJwtService.js +147 -0
package/server/auth/stickerCatalogAuthContext.js +165 -0
package/server/auth/termsAcceptance/termsAcceptanceHandler.js +189 -0
package/server/auth/userPassword/index.js +14 -0
package/server/auth/userPassword/userPasswordAuthService.js +422 -0
package/server/auth/userPassword/userPasswordCrypto.js +199 -0
package/server/auth/userPassword/userPasswordCrypto.test.js +76 -0
package/server/auth/userPassword/userPasswordRecoveryService.js +728 -0
package/server/auth/validation/authSchemas.js +236 -0
package/server/auth/webAccount/webAccountHandlers.js +1434 -0
package/server/controllers/admin/adminBanService.js +138 -0
package/server/controllers/admin/adminPanelHandlers.js +2083 -0
package/server/controllers/admin/stickerCatalogAdminContext.js +17 -0
package/server/controllers/admin/systemAdminController.js +201 -0
package/server/controllers/email/emailAutomationController.js +239 -0
package/server/controllers/metricsController.js +21 -0
package/server/controllers/seo/stickerCatalogSeoContext.js +514 -0
package/server/controllers/sticker/nonCatalogHandlers.js +303 -0
package/server/controllers/sticker/stickerCatalogController.js +4700 -0
package/server/controllers/system/contactController.js +115 -0
package/server/controllers/system/githubController.js +137 -0
package/server/controllers/system/stickerCatalogSystemContext.js +758 -0
package/server/controllers/system/storageController.js +154 -0
package/server/controllers/system/systemController.js +135 -0
package/server/controllers/system/systemMetricsController.js +156 -0
package/server/controllers/system/visitController.js +90 -0
package/server/controllers/userController.js +145 -0
package/server/email/emailAutomationRuntime.js +225 -0
package/server/email/emailAutomationService.js +125 -0
package/server/email/emailOutboxRepository.js +282 -0
package/server/email/emailTemplateService.js +480 -0
package/server/email/emailTransportService.js +156 -0
package/server/http/clientIp.js +95 -0
package/server/http/httpRequestUtils.js +262 -0
package/server/http/httpRequestUtils.test.js +80 -0
package/server/http/httpServer.js +180 -0
package/server/http/requestContext.js +20 -0
package/server/http/siteRoutingUtils.js +87 -0
package/server/index.js +1 -0
package/server/middleware/cachePolicy.js +26 -0
package/server/middleware/cachePolicyHelpers.js +1 -0
package/server/middleware/endpointRateLimit.js +181 -0
package/server/middleware/rateLimit.js +70 -0
package/server/middleware/requireAdminAuth.js +48 -0
package/server/middleware/securityHeaders.js +97 -0
package/server/routes/admin/systemAdminRouter.js +64 -0
package/server/routes/email/emailAutomationRouter.js +46 -0
package/server/routes/health/healthRouter.js +41 -0
package/server/routes/indexRouter.js +234 -0
package/server/routes/metrics/metricsRouter.js +58 -0
package/server/routes/static/staticPageRouter.js +134 -0
package/server/routes/sticker/catalogHandlers/catalogAdminHttp.js +105 -0
package/server/routes/sticker/catalogHandlers/catalogAuthHttp.js +77 -0
package/server/routes/sticker/catalogHandlers/catalogPublicHttp.js +120 -0
package/server/routes/sticker/catalogHandlers/catalogUploadHttp.js +83 -0
package/server/routes/sticker/catalogRouter.js +77 -0
package/server/routes/sticker/stickerApiRouter.js +84 -0
package/server/routes/sticker/stickerDataRouter.js +145 -0
package/server/routes/sticker/stickerSiteRouter.js +43 -0
package/server/routes/user/userApiPaths.js +66 -0
package/server/routes/user/userRouter.js +65 -0
package/server/utils/safePath.js +26 -0
package/utils/logger/loggerModule.js +35 -0
package/vite.config.mjs +38 -0

package/server/controllers/system/storageController.js ADDED Viewed

@@ -0,0 +1,154 @@
+import fs from 'node:fs/promises';
+import path from 'node:path';
+import { normalizeBasePath, sendAsset, sendJson } from '../../http/httpRequestUtils.js';
+import logger from '#logger';
+const STICKER_DATA_PUBLIC_PATH = normalizeBasePath(process.env.STICKER_DATA_PUBLIC_PATH, '/data');
+const STICKER_DATA_PUBLIC_DIR = path.resolve(process.env.STICKER_DATA_PUBLIC_DIR || path.join(process.cwd(), 'data'));
+const MAX_DATA_SCAN_FILES = Number(process.env.STICKER_DATA_SCAN_MAX_FILES || 10000);
+const DATA_IMAGE_EXTENSIONS = new Set(['.webp', '.png', '.jpg', '.jpeg', '.gif', '.avif', '.bmp']);
+const normalizeRelativePath = (value) =>
+  String(value || '')
+    .split(path.sep)
+    .join('/')
+    .replace(/^\/+/, '');
+const isAllowedDataImageFile = (filePath) => DATA_IMAGE_EXTENSIONS.has(path.extname(filePath).toLowerCase());
+const isInsideDataPublicRoot = (targetPath) => targetPath === STICKER_DATA_PUBLIC_DIR || targetPath.startsWith(`${STICKER_DATA_PUBLIC_DIR}${path.sep}`);
+const buildDataAssetUrl = (relativePath) =>
+  `${STICKER_DATA_PUBLIC_PATH}/${String(relativePath)
+    .split('/')
+    .map((segment) => encodeURIComponent(segment))
+    .join('/')}`;
+export const toPublicDataUrlFromStoragePath = (storagePath) => {
+  if (!storagePath) return null;
+  const absolutePath = path.resolve(String(storagePath));
+  if (!isInsideDataPublicRoot(absolutePath)) return null;
+  const relativePath = normalizeRelativePath(path.relative(STICKER_DATA_PUBLIC_DIR, absolutePath));
+  if (!relativePath || relativePath.startsWith('..')) return null;
+  return buildDataAssetUrl(relativePath);
+};
+export const toImageMimeType = (filePath) => {
+  const extension = path.extname(filePath).toLowerCase();
+  if (extension === '.png') return 'image/png';
+  if (extension === '.jpg' || extension === '.jpeg') return 'image/jpeg';
+  if (extension === '.gif') return 'image/gif';
+  if (extension === '.avif') return 'image/avif';
+  if (extension === '.bmp') return 'image/bmp';
+  return 'image/webp';
+};
+export const listDataImageFiles = async () => {
+  const files = [];
+  const queue = [STICKER_DATA_PUBLIC_DIR];
+  while (queue.length && files.length < MAX_DATA_SCAN_FILES) {
+    const currentDir = queue.shift();
+    let entries = [];
+    try {
+      entries = await fs.readdir(currentDir, { withFileTypes: true });
+    } catch (error) {
+      if (error?.code === 'ENOENT') break;
+      throw error;
+    }
+    for (const entry of entries) {
+      const absolutePath = path.join(currentDir, entry.name);
+      if (!isInsideDataPublicRoot(absolutePath)) continue;
+      if (entry.isDirectory()) {
+        queue.push(absolutePath);
+        continue;
+      }
+      if (!entry.isFile()) continue;
+      if (!isAllowedDataImageFile(entry.name)) continue;
+      const relativePath = normalizeRelativePath(path.relative(STICKER_DATA_PUBLIC_DIR, absolutePath));
+      if (!relativePath || relativePath.startsWith('..')) continue;
+      let stat = null;
+      try {
+        stat = await fs.stat(absolutePath);
+      } catch {
+        stat = null;
+      }
+      files.push({
+        name: path.basename(relativePath),
+        relative_path: relativePath,
+        size_bytes: stat?.size ?? null,
+        updated_at: stat?.mtime ? stat.mtime.toISOString() : null,
+        created_at: stat?.ctime ? stat.ctime.toISOString() : null,
+        url: buildDataAssetUrl(relativePath),
+      });
+      if (files.length >= MAX_DATA_SCAN_FILES) break;
+    }
+  }
+  files.sort((left, right) => {
+    const leftTime = left.updated_at ? Date.parse(left.updated_at) : 0;
+    const rightTime = right.updated_at ? Date.parse(right.updated_at) : 0;
+    return rightTime - leftTime;
+  });
+  return files;
+};
+export const handlePublicDataAssetRequest = async (req, res, pathname) => {
+  const suffix = pathname.slice(STICKER_DATA_PUBLIC_PATH.length).replace(/^\/+/, '');
+  if (!suffix) {
+    sendJson(req, res, 400, {
+      error: 'Informe o caminho do arquivo. Exemplo: /data/stickers/arquivo.webp',
+    });
+    return true;
+  }
+  const decodedSegments = suffix
+    .split('/')
+    .filter(Boolean)
+    .map((segment) => {
+      try {
+        return decodeURIComponent(segment);
+      } catch {
+        return segment;
+      }
+    });
+  const relativePath = normalizeRelativePath(decodedSegments.join('/'));
+  if (!relativePath || relativePath.includes('..') || !isAllowedDataImageFile(relativePath)) {
+    sendJson(req, res, 400, { error: 'Caminho de imagem invalido.' });
+    return true;
+  }
+  const absolutePath = path.resolve(STICKER_DATA_PUBLIC_DIR, relativePath);
+  if (!isInsideDataPublicRoot(absolutePath)) {
+    sendJson(req, res, 403, { error: 'Acesso negado.' });
+    return true;
+  }
+  try {
+    const buffer = await fs.readFile(absolutePath);
+    sendAsset(req, res, buffer, toImageMimeType(absolutePath));
+    return true;
+  } catch (error) {
+    if (error?.code === 'ENOENT') {
+      sendJson(req, res, 404, { error: 'Imagem nao encontrada.' });
+      return true;
+    }
+    logger.error('Falha ao servir imagem da pasta data.', {
+      action: 'sticker_catalog_data_asset_failed',
+      error: error?.message,
+      relative_path: relativePath,
+    });
+    return false;
+  }
+};

package/server/controllers/system/systemController.js ADDED Viewed

@@ -0,0 +1,135 @@
+import logger from '#logger';
+import { executeQuery, TABLES } from '../../../database/index.js';
+import { getActiveSocket, getJidUser, normalizeJid, profilePictureUrlFromActiveSocket } from '../../../app/config/index.js';
+import { getSystemMetrics } from '../../../app/utils/systemMetrics/systemMetricsModule.js';
+import { createStickerCatalogSystemContext } from './stickerCatalogSystemContext.js';
+import { createStickerCatalogNonCatalogHandlers } from '../sticker/nonCatalogHandlers.js';
+import { sendJson, sendText, normalizeCatalogVisibility, normalizeVisitPath } from '../../http/httpRequestUtils.js';
+import { fetchGitHubProjectSummary } from './githubController.js';
+import { fetchPrometheusSummary } from './systemMetricsController.js';
+import { buildBotContactInfo, buildSupportInfo, resolveCatalogBotPhone } from './contactController.js';
+import { buildAdminMenu, buildAiMenu, buildAnimeMenu, buildMediaMenu, buildMenuCaption, buildQuoteMenu, buildStatsMenu, buildStickerMenu } from '../../../app/modules/menuModule/common.js';
+import { trackWebVisitMetric } from './visitController.js';
+const SYSTEM_SUMMARY_CACHE_SECONDS = Number(process.env.SYSTEM_SUMMARY_CACHE_SECONDS || 20);
+const README_SUMMARY_CACHE_SECONDS = Number(process.env.README_SUMMARY_CACHE_SECONDS || 1800);
+const README_MESSAGE_TYPE_SAMPLE_LIMIT = Number(process.env.README_MESSAGE_TYPE_SAMPLE_LIMIT || 25000);
+const README_COMMAND_PREFIX = process.env.README_COMMAND_PREFIX || process.env.COMMAND_PREFIX || '/';
+const GLOBAL_RANK_REFRESH_SECONDS = Number(process.env.GLOBAL_RANK_REFRESH_SECONDS || 600);
+const MARKETPLACE_GLOBAL_STATS_CACHE_SECONDS = Number(process.env.MARKETPLACE_GLOBAL_STATS_CACHE_SECONDS || 45);
+const GITHUB_PROJECT_CACHE_SECONDS = Number(process.env.GITHUB_PROJECT_CACHE_SECONDS || 300);
+const SYSTEM_SUMMARY_CACHE = { expiresAt: 0, value: null, pending: null };
+const README_SUMMARY_CACHE = { expiresAt: 0, value: null, pending: null };
+const GLOBAL_RANK_CACHE = { expiresAt: 0, value: null, pending: null };
+const MARKETPLACE_GLOBAL_STATS_CACHE = { expiresAt: 0, value: null, pending: null };
+const resolveSocketReadyState = (activeSocket) => {
+  const raw = activeSocket?.ws?.readyState;
+  if (typeof raw === 'number' && Number.isFinite(raw)) return raw;
+  const normalized = String(raw || '')
+    .trim()
+    .toLowerCase();
+  if (normalized === 'open') return 1;
+  if (normalized === 'connecting') return 0;
+  if (normalized === 'closing') return 2;
+  if (normalized === 'closed') return 3;
+  return null;
+};
+const resolveActiveSocketBotJid = (sock) => {
+  if (!sock) return '';
+  const candidates = [sock?.user?.id, sock?.authState?.creds?.me?.id, sock?.authState?.creds?.me?.lid];
+  for (const candidate of candidates) {
+    const resolved = normalizeJid(candidate);
+    if (resolved) return resolved;
+  }
+  return '';
+};
+export const systemContext = createStickerCatalogSystemContext({
+  executeQuery,
+  tables: TABLES,
+  logger,
+  getSystemMetrics,
+  getActiveSocket,
+  resolveSocketReadyState,
+  resolveActiveSocketBotJid,
+  resolveCatalogBotPhone,
+  fetchPrometheusSummary,
+  metricsEndpoint: process.env.METRICS_ENDPOINT,
+  systemSummaryCache: SYSTEM_SUMMARY_CACHE,
+  systemSummaryCacheSeconds: SYSTEM_SUMMARY_CACHE_SECONDS,
+  readmeSummaryCache: README_SUMMARY_CACHE,
+  readmeSummaryCacheSeconds: README_SUMMARY_CACHE_SECONDS,
+  readmeMessageTypeSampleLimit: README_MESSAGE_TYPE_SAMPLE_LIMIT,
+  readmeCommandPrefix: README_COMMAND_PREFIX,
+  buildMenuCaption,
+  buildStickerMenu,
+  buildMediaMenu,
+  buildQuoteMenu,
+  buildAnimeMenu,
+  buildAiMenu,
+  buildStatsMenu,
+  buildAdminMenu,
+  profilePictureUrlFromActiveSocket,
+  normalizeJid,
+  getJidUser,
+  globalRankCache: GLOBAL_RANK_CACHE,
+  globalRankRefreshSeconds: GLOBAL_RANK_REFRESH_SECONDS,
+  marketplaceGlobalStatsCache: MARKETPLACE_GLOBAL_STATS_CACHE,
+  marketplaceGlobalStatsCacheSeconds: MARKETPLACE_GLOBAL_STATS_CACHE_SECONDS,
+});
+const { getSystemSummaryCached, getReadmeSummaryCached, resolveBotUserCandidates, sanitizeRankingPayloadByBot, getGlobalRankingSummaryCached, scheduleGlobalRankingPreload, getMarketplaceGlobalStatsCached } = systemContext;
+const resolveVisitPathFromReferrer = (req) => {
+  const rawReferrer = String(req?.headers?.referer || req?.headers?.referrer || '').trim();
+  if (!rawReferrer) return '/';
+  try {
+    const parsed = new URL(rawReferrer);
+    const requestHost = req.headers.host;
+    if (requestHost && parsed.host && parsed.host.toLowerCase() !== requestHost.toLowerCase()) return '/';
+    return normalizeVisitPath(parsed.pathname || '/');
+  } catch {
+    return '/';
+  }
+};
+export const systemHandlers = createStickerCatalogNonCatalogHandlers({
+  sendJson,
+  sendText,
+  logger,
+  getSystemSummaryCached,
+  systemSummaryCache: SYSTEM_SUMMARY_CACHE,
+  systemSummaryCacheSeconds: SYSTEM_SUMMARY_CACHE_SECONDS,
+  getReadmeSummaryCached,
+  readmeSummaryCache: README_SUMMARY_CACHE,
+  readmeSummaryCacheSeconds: README_SUMMARY_CACHE_SECONDS,
+  getGlobalRankingSummaryCached,
+  globalRankRefreshSeconds: GLOBAL_RANK_REFRESH_SECONDS,
+  globalRankCache: GLOBAL_RANK_CACHE,
+  sanitizeRankingPayloadByBot,
+  getActiveSocket,
+  resolveBotUserCandidates,
+  getMarketplaceGlobalStatsCached,
+  marketplaceGlobalStatsCacheSeconds: MARKETPLACE_GLOBAL_STATS_CACHE_SECONDS,
+  marketplaceGlobalStatsCache: MARKETPLACE_GLOBAL_STATS_CACHE,
+  githubRepoInfo: { fullName: process.env.GITHUB_REPOSITORY || 'Omnizap-System/omnizap' },
+  githubProjectCacheSeconds: GITHUB_PROJECT_CACHE_SECONDS,
+  fetchGitHubProjectSummary,
+  buildSupportInfo,
+  buildBotContactInfo,
+  trackWebVisitMetric,
+  resolveVisitPathFromReferrer,
+  normalizeCatalogVisibility,
+  stickerWebGoogleClientId: process.env.STICKER_WEB_GOOGLE_CLIENT_ID,
+  homeBootstrapExposeContact: process.env.HOME_BOOTSTRAP_EXPOSE_CONTACT !== 'false',
+  // Estas serão injetadas via bridge para evitar circular dependency
+  getMarketplaceStatsCached: (vis) => globalThis.getMarketplaceStatsCachedBridge?.(vis),
+  resolveGoogleWebSessionFromRequest: (req) => globalThis.resolveGoogleWebSessionFromRequestBridge?.(req),
+  mapGoogleSessionResponseData: (sess, opts) => globalThis.mapGoogleSessionResponseDataBridge?.(sess, opts),
+  isAuthenticatedGoogleSession: (sess) => Boolean(sess?.sub && (sess?.ownerJid || sess?.ownerPhone || sess?.email)),
+});
+export { scheduleGlobalRankingPreload };

package/server/controllers/system/systemMetricsController.js ADDED Viewed

@@ -0,0 +1,156 @@
+import { formatDuration } from '../../http/httpRequestUtils.js';
+const METRICS_ENDPOINT = process.env.METRICS_ENDPOINT || `http://127.0.0.1:${process.env.METRICS_PORT || 9102}${process.env.METRICS_PATH || '/metrics'}`;
+const METRICS_TOKEN = String(process.env.METRICS_TOKEN || process.env.METRICS_API_KEY || '').trim();
+const METRICS_SUMMARY_TIMEOUT_MS = Number(process.env.STICKER_SYSTEM_METRICS_TIMEOUT_MS || 1200);
+const parsePrometheusLabels = (raw) => {
+  if (!raw) return {};
+  const labels = {};
+  const regex = /(\w+)="((?:\\.|[^"\\])*)"/g;
+  let match;
+  while ((match = regex.exec(raw)) !== null) {
+    labels[match[1]] = match[2].replace(/\\"/g, '"');
+  }
+  return labels;
+};
+const parsePrometheusText = (text) => {
+  const series = new Map();
+  const lines = String(text || '').split('\n');
+  for (const line of lines) {
+    const trimmed = line.trim();
+    if (!trimmed || trimmed.startsWith('#')) continue;
+    const [metricPart, valuePart] = trimmed.split(/\s+/, 2);
+    if (!metricPart || !valuePart) continue;
+    const value = Number(valuePart);
+    if (!Number.isFinite(value)) continue;
+    let name = metricPart;
+    let labels = {};
+    const labelStart = metricPart.indexOf('{');
+    if (labelStart !== -1) {
+      name = metricPart.slice(0, labelStart);
+      const labelBody = metricPart.slice(labelStart + 1, metricPart.lastIndexOf('}'));
+      labels = parsePrometheusLabels(labelBody);
+    }
+    const list = series.get(name) || [];
+    list.push({ labels, value });
+    series.set(name, list);
+  }
+  return series;
+};
+const pickMetricValue = (series, name) => {
+  const list = series.get(name) || [];
+  return list.length ? list[0].value : null;
+};
+const sumMetricValues = (series, name) => {
+  const list = series.get(name) || [];
+  return list.reduce((sum, entry) => sum + (Number.isFinite(entry.value) ? entry.value : 0), 0);
+};
+const sumMetricValuesByLabel = (series, name, matchLabels = {}) => {
+  const list = series.get(name) || [];
+  return list.reduce((sum, entry) => {
+    if (!Number.isFinite(entry.value)) return sum;
+    for (const [labelKey, expectedValue] of Object.entries(matchLabels || {})) {
+      if (String(entry?.labels?.[labelKey] || '') !== String(expectedValue)) return sum;
+    }
+    return sum + entry.value;
+  }, 0);
+};
+const estimateHistogramQuantileMs = (series, metricBaseName, quantile = 0.95) => {
+  const bucketSeries = series.get(`${metricBaseName}_bucket`) || [];
+  if (!bucketSeries.length) return null;
+  const cumulativeByLe = new Map();
+  for (const entry of bucketSeries) {
+    const leRaw = String(entry?.labels?.le || '').trim();
+    if (!leRaw) continue;
+    const le = leRaw === '+Inf' ? Number.POSITIVE_INFINITY : Number(leRaw);
+    if (!Number.isFinite(le) && le !== Number.POSITIVE_INFINITY) continue;
+    cumulativeByLe.set(le, (cumulativeByLe.get(le) || 0) + Number(entry.value || 0));
+  }
+  const sorted = Array.from(cumulativeByLe.entries()).sort((left, right) => left[0] - right[0]);
+  if (!sorted.length) return null;
+  const total = Number(sorted[sorted.length - 1]?.[1] || 0);
+  if (!Number.isFinite(total) || total <= 0) return null;
+  const target = total * Math.max(0, Math.min(1, Number(quantile) || 0.95));
+  for (const [upperBound, cumulative] of sorted) {
+    if (cumulative >= target) {
+      if (!Number.isFinite(upperBound)) return null;
+      return Number(upperBound.toFixed(2));
+    }
+  }
+  return null;
+};
+const buildMetricsRequestOptions = (signal = null) => {
+  const headers = {};
+  if (METRICS_TOKEN) {
+    headers.Authorization = `Bearer ${METRICS_TOKEN}`;
+  }
+  return {
+    ...(signal ? { signal } : {}),
+    ...(Object.keys(headers).length > 0 ? { headers } : {}),
+  };
+};
+export const fetchPrometheusSummary = async () => {
+  if (typeof globalThis.fetch !== 'function') {
+    throw new Error('fetch indisponivel');
+  }
+  const controller = typeof globalThis.AbortController === 'function' ? new globalThis.AbortController() : null;
+  const timeout = setTimeout(() => controller?.abort(), METRICS_SUMMARY_TIMEOUT_MS);
+  try {
+    const response = await globalThis.fetch(METRICS_ENDPOINT, buildMetricsRequestOptions(controller?.signal || null));
+    if (!response.ok) {
+      throw new Error(`HTTP ${response.status}`);
+    }
+    const text = await response.text();
+    const series = parsePrometheusText(text);
+    const processStart = pickMetricValue(series, 'omnizap_process_start_time_seconds');
+    const nowSeconds = Date.now() / 1000;
+    const processUptimeSeconds = Number.isFinite(processStart) ? Math.max(0, nowSeconds - processStart) : null;
+    const lagP99 = pickMetricValue(series, 'omnizap_nodejs_eventloop_lag_p99_seconds');
+    const dbTotal = sumMetricValues(series, 'omnizap_db_query_total');
+    const dbSlow = sumMetricValues(series, 'omnizap_db_slow_queries_total');
+    const http5xx = sumMetricValuesByLabel(series, 'omnizap_http_requests_total', {
+      status_class: '5xx',
+    });
+    const httpLatencyP95 = estimateHistogramQuantileMs(series, 'omnizap_http_request_duration_ms', 0.95);
+    const queueDepthSeries = series.get('omnizap_queue_depth') || [];
+    const queuePeak = queueDepthSeries.reduce((max, entry) => {
+      if (!Number.isFinite(entry.value)) return max;
+      return Math.max(max, entry.value);
+    }, 0);
+    return {
+      process_uptime: processUptimeSeconds !== null ? formatDuration(processUptimeSeconds) : 'n/a',
+      lag_p99_ms: Number.isFinite(lagP99) ? Number((lagP99 * 1000).toFixed(2)) : null,
+      db_total: Math.round(dbTotal || 0),
+      db_slow: Math.round(dbSlow || 0),
+      http_5xx_total: Math.round(http5xx || 0),
+      http_latency_p95_ms: Number.isFinite(httpLatencyP95) ? Number(httpLatencyP95) : null,
+      queue_peak: Math.round(queuePeak || 0),
+    };
+  } finally {
+    clearTimeout(timeout);
+  }
+};

package/server/controllers/system/visitController.js ADDED Viewed

@@ -0,0 +1,90 @@
+import { randomUUID } from 'node:crypto';
+import { executeQuery, TABLES } from '../../../database/index.js';
+import { appendSetCookie, buildCookieString, normalizeVisitPath, parseCookies } from '../../http/httpRequestUtils.js';
+import { toRequestHost } from '../../http/siteRoutingUtils.js';
+const WEB_VISITOR_COOKIE_NAME = 'omnizap_vid';
+const WEB_SESSION_COOKIE_NAME = 'omnizap_sid';
+const WEB_VISITOR_COOKIE_TTL_SECONDS = Number(process.env.WEB_VISITOR_COOKIE_TTL_SECONDS || 60 * 60 * 24 * 365);
+const WEB_SESSION_COOKIE_TTL_SECONDS = Number(process.env.WEB_SESSION_COOKIE_TTL_SECONDS || 60 * 60 * 24 * 30);
+const normalizeVisitToken = (raw) =>
+  String(raw || '')
+    .trim()
+    .replace(/[^a-zA-Z0-9_-]+/g, '')
+    .slice(0, 80);
+const normalizeVisitSource = (raw) =>
+  String(raw || '')
+    .trim()
+    .toLowerCase()
+    .replace(/[^a-z0-9._-]+/g, '')
+    .slice(0, 32) || 'web';
+const normalizeVisitReferrer = (raw) =>
+  String(raw || '')
+    .trim()
+    .slice(0, 1024) || null;
+const normalizeVisitUserAgent = (raw) =>
+  String(raw || '')
+    .trim()
+    .slice(0, 512) || null;
+const resolveVisitPathFromReferrer = (req) => {
+  const rawReferrer = String(req?.headers?.referer || req?.headers?.referrer || '').trim();
+  if (!rawReferrer) return '/';
+  try {
+    const parsed = new URL(rawReferrer);
+    const requestHost = toRequestHost(req);
+    if (requestHost && parsed.host && parsed.host.toLowerCase() !== requestHost.toLowerCase()) return '/';
+    return normalizeVisitPath(parsed.pathname || '/');
+  } catch {
+    return '/';
+  }
+};
+const ensureWebVisitCookies = (req, res) => {
+  const cookies = parseCookies(req);
+  const currentVisitor = normalizeVisitToken(cookies[WEB_VISITOR_COOKIE_NAME]);
+  const currentSession = normalizeVisitToken(cookies[WEB_SESSION_COOKIE_NAME]);
+  const visitorKey = currentVisitor || randomUUID();
+  const sessionKey = currentSession || randomUUID();
+  if (!currentVisitor) {
+    appendSetCookie(
+      res,
+      buildCookieString(WEB_VISITOR_COOKIE_NAME, visitorKey, req, {
+        maxAgeSeconds: WEB_VISITOR_COOKIE_TTL_SECONDS,
+      }),
+    );
+  }
+  appendSetCookie(
+    res,
+    buildCookieString(WEB_SESSION_COOKIE_NAME, sessionKey, req, {
+      maxAgeSeconds: WEB_SESSION_COOKIE_TTL_SECONDS,
+    }),
+  );
+  return { visitorKey, sessionKey };
+};
+export const trackWebVisitMetric = (req, res, { pagePath = '/', source = 'web' } = {}) => {
+  if ((req.method || '').toUpperCase() === 'HEAD') return Promise.resolve(false);
+  const { visitorKey, sessionKey } = ensureWebVisitCookies(req, res);
+  const safePath = normalizeVisitPath(pagePath || resolveVisitPathFromReferrer(req));
+  const safeSource = normalizeVisitSource(source);
+  const safeReferrer = normalizeVisitReferrer(req?.headers?.referer || req?.headers?.referrer || '');
+  const safeUserAgent = normalizeVisitUserAgent(req?.headers?.['user-agent'] || '');
+  return executeQuery(
+    `INSERT INTO ${TABLES.WEB_VISIT_EVENT}
+      (visitor_key, session_key, page_path, referrer, user_agent, source)
+     VALUES (?, ?, ?, ?, ?, ?)`,
+    [visitorKey, sessionKey, safePath, safeReferrer, safeUserAgent, safeSource],
+  ).catch((error) => {
+    if (error?.code === 'ER_NO_SUCH_TABLE') return false;
+    throw error;
+  });
+};

package/server/controllers/userController.js ADDED Viewed

@@ -0,0 +1,145 @@
+import fs from 'node:fs/promises';
+import path from 'node:path';
+import logger from '#logger';
+import { DEFAULT_LEGACY_STICKER_API_BASE_PATH, DEFAULT_USER_API_BASE_PATH, isUserApiPath, normalizeBasePath, resolveLegacyUserApiPath } from '../routes/user/userApiPaths.js';
+const LEGACY_STICKER_API_BASE_PATH = normalizeBasePath(process.env.STICKER_API_BASE_PATH, DEFAULT_LEGACY_STICKER_API_BASE_PATH);
+const USER_API_BASE_PATH = normalizeBasePath(process.env.USER_API_BASE_PATH || process.env.AUTH_API_BASE_PATH, DEFAULT_USER_API_BASE_PATH);
+const STICKER_LOGIN_WEB_PATH = normalizeBasePath(process.env.STICKER_LOGIN_WEB_PATH, '/login');
+const USER_PROFILE_WEB_PATH = normalizeBasePath(process.env.USER_PROFILE_WEB_PATH, '/user');
+const USER_PASSWORD_RESET_WEB_PATH = normalizeBasePath(process.env.USER_PASSWORD_RESET_WEB_PATH, '/user/password-reset');
+const USER_DASHBOARD_TEMPLATE_PATH = path.join(process.cwd(), 'public', 'pages', 'user.html');
+const USER_PASSWORD_RESET_TEMPLATE_PATH = path.join(process.cwd(), 'public', 'pages', 'user-password-reset.html');
+const hasPathPrefix = (pathname, prefix) => pathname === prefix || pathname.startsWith(`${prefix}/`);
+const escapeHtmlAttribute = (value) =>
+  String(value || '')
+    .replace(/&/g, '&amp;')
+    .replace(/"/g, '&quot;')
+    .replace(/</g, '&lt;')
+    .replace(/>/g, '&gt;');
+const replaceDataAttribute = (html, attributeName, value) => String(html || '').replace(new RegExp(`(${attributeName}=")([^"]*)(")`, 'i'), `$1${escapeHtmlAttribute(value)}$3`);
+const remapUrlPathname = (url, pathname) => {
+  if (!url || !pathname) return url;
+  try {
+    const remappedUrl = new URL(String(url?.href || url));
+    remappedUrl.pathname = pathname;
+    return remappedUrl;
+  } catch {
+    return url;
+  }
+};
+const isSupportedUserApiPath = (pathname) => isUserApiPath(pathname, USER_API_BASE_PATH) || isUserApiPath(pathname, LEGACY_STICKER_API_BASE_PATH, { legacyCompatible: true });
+const mapUserApiPathToLegacy = (pathname) =>
+  resolveLegacyUserApiPath(pathname, {
+    apiBasePath: USER_API_BASE_PATH,
+    legacyApiBasePath: LEGACY_STICKER_API_BASE_PATH,
+    legacyCompatible: true,
+  }) ||
+  resolveLegacyUserApiPath(pathname, {
+    apiBasePath: LEGACY_STICKER_API_BASE_PATH,
+    legacyApiBasePath: LEGACY_STICKER_API_BASE_PATH,
+    legacyCompatible: true,
+  });
+const renderUserDashboardHtml = async ({ passwordReset = false } = {}) => {
+  const templatePath = passwordReset ? USER_PASSWORD_RESET_TEMPLATE_PATH : USER_DASHBOARD_TEMPLATE_PATH;
+  const template = await fs.readFile(templatePath, 'utf8');
+  const dataAttributes = {
+    'data-api-base-path': USER_API_BASE_PATH,
+    'data-login-path': STICKER_LOGIN_WEB_PATH,
+    'data-password-reset-web-path': USER_PASSWORD_RESET_WEB_PATH,
+  };
+  let html = template;
+  for (const [attributeName, value] of Object.entries(dataAttributes)) {
+    html = replaceDataAttribute(html, attributeName, value);
+  }
+  return html;
+};
+let stickerCatalogControllerPromise = null;
+const loadStickerCatalogController = async () => {
+  if (!stickerCatalogControllerPromise) {
+    stickerCatalogControllerPromise = import('./sticker/stickerCatalogController.js');
+  }
+  return stickerCatalogControllerPromise;
+};
+const sendHtml = (req, res, html) => {
+  res.statusCode = 200;
+  res.setHeader('Content-Type', 'text/html; charset=utf-8');
+  res.setHeader('Cache-Control', 'no-store');
+  res.setHeader('X-Robots-Tag', 'noindex, nofollow');
+  if (req.method === 'HEAD') {
+    res.end();
+    return;
+  }
+  res.end(html);
+};
+const sendJson = (req, res, statusCode, payload) => {
+  const body = JSON.stringify(payload);
+  res.statusCode = statusCode;
+  res.setHeader('Content-Type', 'application/json; charset=utf-8');
+  res.setHeader('Cache-Control', 'no-store');
+  res.setHeader('X-Robots-Tag', 'noindex, nofollow');
+  if (req.method === 'HEAD') {
+    res.end();
+    return;
+  }
+  res.end(body);
+};
+export const getUserRouteConfig = () => ({
+  webPath: USER_PROFILE_WEB_PATH,
+  loginPath: STICKER_LOGIN_WEB_PATH,
+  passwordResetWebPath: USER_PASSWORD_RESET_WEB_PATH,
+  apiBasePath: USER_API_BASE_PATH,
+  legacyApiBasePath: LEGACY_STICKER_API_BASE_PATH,
+});
+export const maybeHandleUserRequest = async (req, res, { pathname, url }) => {
+  if (!['GET', 'HEAD', 'POST', 'PATCH', 'DELETE'].includes(req.method || '')) return false;
+  const isUserHomePath = pathname === USER_PROFILE_WEB_PATH || pathname === `${USER_PROFILE_WEB_PATH}/`;
+  const isPasswordResetPath = hasPathPrefix(pathname, USER_PASSWORD_RESET_WEB_PATH);
+  if (isUserHomePath || isPasswordResetPath) {
+    if (!['GET', 'HEAD'].includes(req.method || '')) return false;
+    try {
+      const html = await renderUserDashboardHtml({ passwordReset: isPasswordResetPath });
+      sendHtml(req, res, html);
+    } catch (error) {
+      if (error?.code === 'ENOENT') {
+        sendJson(req, res, 404, { error: 'Template da pagina de usuario nao encontrado.' });
+        return true;
+      }
+      logger.error('Falha ao renderizar pagina de usuario.', {
+        action: 'user_page_render_failed',
+        path: pathname,
+        error: error?.message,
+      });
+      sendJson(req, res, 500, { error: 'Falha interna ao renderizar pagina de usuario.' });
+    }
+    return true;
+  }
+  if (isSupportedUserApiPath(pathname)) {
+    const routedPathname = mapUserApiPathToLegacy(pathname) || pathname;
+    const controller = await loadStickerCatalogController();
+    if (typeof controller?.maybeHandleStickerCatalogRequest !== 'function') return false;
+    return controller.maybeHandleStickerCatalogRequest(req, res, {
+      pathname: routedPathname,
+      url: remapUrlPathname(url, routedPathname),
+    });
+  }
+  return false;
+};