@omnizap-system/omnizap 2.5.12

package/server/routes/indexRouter.js

@@ -0,0 +1,234 @@
+import path from 'node:path';
+
+import { maybeHandleMetricsRequest } from './metrics/metricsRouter.js';
+import { maybeHandleHealthRequest, shouldHandleHealthPath } from './health/healthRouter.js';
+import { getEmailAutomationRouterConfig, maybeHandleEmailAutomationRequest, shouldHandleEmailAutomationPath } from './email/emailAutomationRouter.js';
+import { buildUserApiPaths, getUserRouterConfig, maybeHandleUserRequest, shouldHandleUserPath } from './user/userRouter.js';
+import { getSystemAdminRouterConfig, maybeHandleSystemAdminRequest, shouldHandleSystemAdminPath } from './admin/systemAdminRouter.js';
+import { getStickerSiteRouterConfig, maybeHandleStickerSiteRequest, shouldHandleStickerSitePath } from './sticker/stickerSiteRouter.js';
+import { getStickerDataRouterConfig, maybeHandleStickerDataRequest, shouldHandleStickerDataPath } from './sticker/stickerDataRouter.js';
+import { getStickerApiRouterConfig, maybeHandleStickerApiRequest, shouldHandleStickerApiPath } from './sticker/stickerApiRouter.js';
+import { maybeHandleStaticPageRequest, shouldHandleStaticPagePath } from './static/staticPageRouter.js';
+
+const startsWithPath = (pathname, prefix) => {
+  if (!pathname || !prefix) return false;
+  if (pathname === prefix) return true;
+  return pathname.startsWith(`${prefix}/`);
+};
+
+const normalizeBasePath = (value, fallback) => {
+  const raw = String(value || '').trim() || fallback;
+  const withLeadingSlash = raw.startsWith('/') ? raw : `/${raw}`;
+  const withoutTrailingSlash = withLeadingSlash.length > 1 && withLeadingSlash.endsWith('/') ? withLeadingSlash.slice(0, -1) : withLeadingSlash;
+  return withoutTrailingSlash || fallback;
+};
+
+const sendNotFound = (req, res) => {
+  if (res.writableEnded) return true;
+  res.statusCode = 404;
+  res.setHeader('Content-Type', 'application/json; charset=utf-8');
+  if (req.method === 'HEAD') {
+    res.end();
+    return true;
+  }
+  res.end(JSON.stringify({ error: 'Not Found' }));
+  return true;
+};
+
+let indexRouteConfigsPromise = null;
+
+const loadUserConfigSafe = async () => {
+  try {
+    return await getUserRouterConfig();
+  } catch {
+    return {
+      webPath: '/user',
+      passwordResetWebPath: '/user/password-reset',
+      apiBasePath: '/api',
+      legacyApiBasePath: '/api/sticker-packs',
+    };
+  }
+};
+
+const loadSystemAdminConfigSafe = async () => {
+  try {
+    return await getSystemAdminRouterConfig();
+  } catch {
+    return {
+      webPath: '/user/systemadm',
+      legacyWebPath: '/stickers/admin',
+      apiAdminBasePath: '/api/admin',
+      apiAdminSessionPath: '/api/admin/session',
+      legacyApiAdminBasePath: '/api/sticker-packs/admin',
+      legacyApiAdminSessionPath: '/api/sticker-packs/admin/session',
+    };
+  }
+};
+
+const loadEmailAutomationConfigSafe = async () => {
+  try {
+    return await getEmailAutomationRouterConfig();
+  } catch {
+    return {
+      apiBasePath: '/api/email',
+    };
+  }
+};
+
+const loadStickerSiteConfigSafe = async () => {
+  try {
+    return await getStickerSiteRouterConfig();
+  } catch {
+    return {
+      enabled: true,
+      webPath: '/stickers',
+      apiBasePath: '/api/sticker-packs',
+      orphanApiPath: '/api/sticker-packs/orphan-stickers',
+      dataPublicPath: '/data',
+      dataPublicDir: path.resolve(process.cwd(), 'data'),
+    };
+  }
+};
+
+const loadStickerDataConfigSafe = async () => {
+  try {
+    return await getStickerDataRouterConfig();
+  } catch {
+    return {
+      dataPublicPath: '/data',
+      dataPublicDir: path.resolve(process.cwd(), 'data'),
+    };
+  }
+};
+
+const loadStickerApiConfigSafe = async () => {
+  try {
+    return await getStickerApiRouterConfig();
+  } catch {
+    return {
+      apiBasePath: '/api/sticker-packs',
+      marketplaceStatsPath: '/api/marketplace/stats',
+    };
+  }
+};
+
+export const getIndexRouteConfigs = async () => {
+  if (!indexRouteConfigsPromise) {
+    indexRouteConfigsPromise = Promise.all([loadUserConfigSafe(), loadSystemAdminConfigSafe(), loadEmailAutomationConfigSafe(), loadStickerSiteConfigSafe(), loadStickerDataConfigSafe(), loadStickerApiConfigSafe()]).then(([userConfig, systemAdminConfig, emailAutomationConfig, stickerSiteConfig, stickerDataConfig, stickerApiConfig]) => ({
+      userConfig,
+      systemAdminConfig,
+      emailAutomationConfig,
+      stickerConfig: {
+        ...stickerSiteConfig,
+        ...stickerDataConfig,
+        ...stickerApiConfig,
+      },
+    }));
+  }
+
+  return indexRouteConfigsPromise;
+};
+
+const shouldHandleSystemAdminStep = (pathname, systemAdminConfig) => shouldHandleSystemAdminPath(pathname, systemAdminConfig);
+
+const shouldHandleUserStep = (pathname, userConfig) => shouldHandleUserPath(pathname, userConfig);
+
+const shouldHandleMetricsStep = (pathname, metricsPath) => startsWithPath(pathname, normalizeBasePath(metricsPath, '/metrics'));
+
+export const routeRequest = async (req, res, { pathname, url, metricsPath = '/metrics', configs = null } = {}) => {
+  const resolvedConfigs = configs || (await getIndexRouteConfigs());
+  const userConfig = resolvedConfigs?.userConfig || null;
+  const systemAdminConfig = resolvedConfigs?.systemAdminConfig || null;
+  const emailAutomationConfig = resolvedConfigs?.emailAutomationConfig || null;
+  const stickerConfig = resolvedConfigs?.stickerConfig || null;
+
+  // 1) Metrics
+  if (shouldHandleMetricsStep(pathname, metricsPath)) {
+    const handled = await maybeHandleMetricsRequest(req, res, { pathname, metricsPath });
+    if (handled) return true;
+    return sendNotFound(req, res);
+  }
+
+  // 2) Health checks
+  if (shouldHandleHealthPath(pathname)) {
+    const handled = await maybeHandleHealthRequest(req, res, { pathname });
+    if (handled) return true;
+    return sendNotFound(req, res);
+  }
+
+  // 3) Email automation API
+  if (shouldHandleEmailAutomationPath(pathname, emailAutomationConfig)) {
+    const handled = await maybeHandleEmailAutomationRequest(req, res, { pathname, url });
+    if (handled) return true;
+    return sendNotFound(req, res);
+  }
+
+  // 4) User
+  const systemAdminCandidate = shouldHandleSystemAdminStep(pathname, systemAdminConfig);
+  if (shouldHandleUserStep(pathname, userConfig)) {
+    const handled = await maybeHandleUserRequest(req, res, { pathname, url });
+    if (handled) return true;
+
+    // Permite /user/systemadm continuar para o router de admin.
+    if (!systemAdminCandidate) return sendNotFound(req, res);
+  }
+
+  // 5) System admin + legacy /stickers/admin
+  if (systemAdminCandidate) {
+    const handled = await maybeHandleSystemAdminRequest(req, res, { pathname, url });
+    if (handled) return true;
+    return sendNotFound(req, res);
+  }
+
+  // 6) Sticker catalog apenas nos prefixes permitidos
+  if (shouldHandleStickerSitePath(pathname, stickerConfig)) {
+    const handled = await maybeHandleStickerSiteRequest(req, res, { pathname, url });
+    if (handled) return true;
+    return sendNotFound(req, res);
+  }
+
+  if (shouldHandleStickerDataPath(pathname, stickerConfig)) {
+    const handled = await maybeHandleStickerDataRequest(req, res, {
+      pathname,
+      config: {
+        dataPublicPath: stickerConfig?.dataPublicPath,
+        dataPublicDir: stickerConfig?.dataPublicDir,
+      },
+    });
+    if (handled) return true;
+    return sendNotFound(req, res);
+  }
+
+  if (shouldHandleStickerApiPath(pathname, stickerConfig)) {
+    const handled = await maybeHandleStickerApiRequest(req, res, {
+      pathname,
+      url,
+      config: {
+        apiBasePath: stickerConfig?.apiBasePath,
+        marketplaceStatsPath: stickerConfig?.marketplaceStatsPath,
+      },
+    });
+    if (handled) return true;
+    return sendNotFound(req, res);
+  }
+
+  // 7) Paginas estaticas (templates em public/pages)
+  if (shouldHandleStaticPagePath(pathname)) {
+    const handled = await maybeHandleStaticPageRequest(req, res, { pathname });
+    if (handled) return true;
+    return sendNotFound(req, res);
+  }
+
+  // 8) 404 global
+  return sendNotFound(req, res);
+};
+
+export const getUserApiPathsFromConfig = (userConfig = null) => {
+  const apiBasePath = userConfig?.apiBasePath || '/api';
+  const paths = new Set(buildUserApiPaths(apiBasePath));
+  const legacyApiBasePath = userConfig?.legacyApiBasePath || '/api/sticker-packs';
+  for (const path of buildUserApiPaths(legacyApiBasePath, { legacyCompatible: true })) {
+    paths.add(path);
+  }
+  return paths;
+};

package/server/routes/metrics/metricsRouter.js

@@ -0,0 +1,58 @@
+import { sendMetricsResponse } from '../../controllers/metricsController.js';
+import { resolveClientIp } from '../../http/clientIp.js';
+
+const startsWithPath = (pathname, prefix) => {
+  if (!pathname || !prefix) return false;
+  if (pathname === prefix) return true;
+  return pathname.startsWith(`${prefix}/`);
+};
+
+const parseEnvBool = (value, fallback = false) => {
+  if (value === undefined || value === null || value === '') return fallback;
+  const normalized = String(value).trim().toLowerCase();
+  if (['1', 'true', 'yes', 'y', 'on'].includes(normalized)) return true;
+  if (['0', 'false', 'no', 'n', 'off'].includes(normalized)) return false;
+  return fallback;
+};
+
+const METRICS_ALLOW_REMOTE = parseEnvBool(process.env.METRICS_ALLOW_REMOTE, false);
+const METRICS_TOKEN = String(process.env.METRICS_TOKEN || process.env.METRICS_API_KEY || '').trim();
+const LOOPBACK_IPS = new Set(['127.0.0.1', '::1', '::ffff:127.0.0.1']);
+
+const extractMetricsTokenFromRequest = (req) => {
+  const headerToken = String(req?.headers?.['x-metrics-token'] || '').trim();
+  if (headerToken) return headerToken;
+  const authHeader = String(req?.headers?.authorization || '').trim();
+  if (!authHeader.toLowerCase().startsWith('bearer ')) return '';
+  return authHeader.slice(7).trim();
+};
+
+const isLoopbackRequest = (req) => LOOPBACK_IPS.has(resolveClientIp(req));
+
+const canAccessMetrics = (req) => {
+  if (METRICS_TOKEN) {
+    const requestToken = extractMetricsTokenFromRequest(req);
+    return Boolean(requestToken && requestToken === METRICS_TOKEN);
+  }
+  if (METRICS_ALLOW_REMOTE) return true;
+  return isLoopbackRequest(req);
+};
+
+const sendForbidden = (req, res) => {
+  if (res.writableEnded) return true;
+  res.statusCode = 403;
+  res.setHeader('Content-Type', 'application/json; charset=utf-8');
+  if (req.method === 'HEAD') {
+    res.end();
+    return true;
+  }
+  res.end(JSON.stringify({ error: 'Forbidden' }));
+  return true;
+};
+
+export const maybeHandleMetricsRequest = async (req, res, { pathname, metricsPath }) => {
+  if (!startsWithPath(pathname, metricsPath)) return false;
+  if (!canAccessMetrics(req)) return sendForbidden(req, res);
+  await sendMetricsResponse(res);
+  return true;
+};

package/server/routes/static/staticPageRouter.js

@@ -0,0 +1,134 @@
+import fs from 'node:fs/promises';
+import path from 'node:path';
+
+import logger from '#logger';
+
+const normalizeBasePath = (value, fallback) => {
+  const raw = String(value || '').trim() || fallback;
+  const withLeadingSlash = raw.startsWith('/') ? raw : `/${raw}`;
+  const withoutTrailingSlash = withLeadingSlash.length > 1 && withLeadingSlash.endsWith('/') ? withLeadingSlash.slice(0, -1) : withLeadingSlash;
+  return withoutTrailingSlash || fallback;
+};
+
+const normalizeRoutePath = (pathname) => {
+  const rawPath = String(pathname || '').trim();
+  if (!rawPath || rawPath === '/') return '/';
+  return rawPath.endsWith('/') ? rawPath.slice(0, -1) : rawPath;
+};
+
+const STICKER_LOGIN_WEB_PATH = normalizeBasePath(process.env.STICKER_LOGIN_WEB_PATH, '/login');
+const PUBLIC_PAGES_DIR = path.join(process.cwd(), 'public', 'pages');
+const SEO_ROUTE_PREFIX = '/seo/';
+const SEO_SLUG_REGEX = /^[a-z0-9-]+$/;
+const INDEX_FILE_SUFFIX = '/index.html';
+
+const STATIC_PAGE_ROUTE_TO_FILE = new Map(
+  [
+    ['/', 'home.html'],
+    ['/api-docs', 'api-docs.html'],
+    ['/aup', 'aup.html'],
+    ['/comandos', 'comandos.html'],
+    ['/dpa', 'dpa.html'],
+    ['/licenca', 'licenca.html'],
+    ['/notice-and-takedown', 'notice-and-takedown.html'],
+    ['/politica-de-privacidade', 'politica-de-privacidade.html'],
+    ['/suboperadores', 'suboperadores.html'],
+    ['/termos-de-uso', 'termos-de-uso.html'],
+    ['/termos-de-uso/texto-integral', 'termos-de-uso-texto-integral.html'],
+    ['/termos-de-uso/texto-integral.html', 'termos-de-uso-texto-integral.html'],
+    [STICKER_LOGIN_WEB_PATH, 'login.html'],
+  ].map(([routePath, fileName]) => [normalizeRoutePath(routePath), fileName]),
+);
+
+const resolveMappedTemplateName = (normalizedPath) => {
+  const mappedTemplate = STATIC_PAGE_ROUTE_TO_FILE.get(normalizedPath);
+  if (mappedTemplate) return mappedTemplate;
+
+  if (normalizedPath.startsWith(SEO_ROUTE_PREFIX)) {
+    const seoSlug = normalizedPath.slice(SEO_ROUTE_PREFIX.length);
+    if (seoSlug && SEO_SLUG_REGEX.test(seoSlug)) {
+      return `seo-${seoSlug}.html`;
+    }
+  }
+
+  return null;
+};
+
+const resolveStaticTemplateName = (pathname) => {
+  const normalizedPath = normalizeRoutePath(pathname);
+  const mappedTemplate = resolveMappedTemplateName(normalizedPath);
+  if (mappedTemplate) return mappedTemplate;
+
+  if (normalizedPath.endsWith(INDEX_FILE_SUFFIX)) {
+    const withoutIndex = normalizedPath.slice(0, -INDEX_FILE_SUFFIX.length);
+    const aliasPath = withoutIndex || '/';
+    return resolveMappedTemplateName(aliasPath);
+  }
+
+  return null;
+};
+
+const sendHtml = (req, res, html) => {
+  res.statusCode = 200;
+  res.setHeader('Content-Type', 'text/html; charset=utf-8');
+  if (req.method === 'HEAD') {
+    res.end();
+    return;
+  }
+  res.end(html);
+};
+
+const sendJson = (req, res, statusCode, payload) => {
+  const body = JSON.stringify(payload);
+  res.statusCode = statusCode;
+  res.setHeader('Content-Type', 'application/json; charset=utf-8');
+  if (req.method === 'HEAD') {
+    res.end();
+    return;
+  }
+  res.end(body);
+};
+
+export const shouldHandleStaticPagePath = (pathname) => Boolean(resolveStaticTemplateName(pathname));
+
+export const maybeHandleStaticPageRequest = async (req, res, { pathname } = {}) => {
+  if (!['GET', 'HEAD'].includes(req.method || '')) return false;
+
+  const normalizedPath = normalizeRoutePath(pathname);
+  const templateName = resolveStaticTemplateName(normalizedPath);
+  if (!templateName) return false;
+
+  // Redireciona usuário logado tentando acessar página de login
+  if (templateName === 'login.html') {
+    try {
+      const session = await globalThis.resolveGoogleWebSessionFromRequestBridge?.(req);
+      if (session?.sub && (session.ownerJid || session.ownerPhone || session.email)) {
+        res.statusCode = 302;
+        res.setHeader('Location', '/user/');
+        res.end();
+        return true;
+      }
+    } catch (error) {
+      logger.warn('Falha ao verificar sessao para redirecionamento de login.', { error: error?.message });
+    }
+  }
+
+  const templatePath = path.join(PUBLIC_PAGES_DIR, templateName);
+  try {
+    const html = await fs.readFile(templatePath, 'utf8');
+    sendHtml(req, res, html);
+  } catch (error) {
+    if (error?.code === 'ENOENT') {
+      sendJson(req, res, 404, { error: 'Template da pagina nao encontrado.' });
+      return true;
+    }
+    logger.error('Falha ao renderizar pagina estatica.', {
+      action: 'static_page_render_failed',
+      path: normalizedPath,
+      template: templateName,
+      error: error?.message,
+    });
+    sendJson(req, res, 500, { error: 'Falha interna ao renderizar pagina.' });
+  }
+  return true;
+};

package/server/routes/sticker/catalogHandlers/catalogAdminHttp.js

@@ -0,0 +1,105 @@
+export const handleCatalogAdminRoutes = async ({ req, res, url, segments, handlers, sendJson }) => {
+  if (segments[0] !== 'admin') return false;
+
+  if (segments.length === 2 && segments[1] === 'overview') {
+    await handlers.handleAdminOverviewRequest(req, res);
+    return true;
+  }
+
+  if (segments.length === 2 && segments[1] === 'users') {
+    await handlers.handleAdminUsersRequest(req, res, url);
+    return true;
+  }
+
+  if (segments.length === 3 && segments[1] === 'users' && segments[2] === 'force-logout') {
+    await handlers.handleAdminForceLogoutRequest(req, res);
+    return true;
+  }
+
+  if (segments.length === 2 && segments[1] === 'feature-flags') {
+    await handlers.handleAdminFeatureFlagsRequest(req, res);
+    return true;
+  }
+
+  if (segments.length === 2 && segments[1] === 'ops') {
+    await handlers.handleAdminOpsActionRequest(req, res);
+    return true;
+  }
+
+  if (segments.length === 2 && segments[1] === 'search') {
+    await handlers.handleAdminSearchRequest(req, res, url);
+    return true;
+  }
+
+  if (segments.length === 2 && segments[1] === 'export') {
+    await handlers.handleAdminExportRequest(req, res, url);
+    return true;
+  }
+
+  if (segments.length === 2 && segments[1] === 'moderators') {
+    await handlers.handleAdminModeratorsRequest(req, res);
+    return true;
+  }
+
+  if (segments.length === 3 && segments[1] === 'moderators') {
+    await handlers.handleAdminModeratorDeleteRequest(req, res, segments[2]);
+    return true;
+  }
+
+  if (segments.length === 2 && segments[1] === 'packs') {
+    await handlers.handleAdminPacksRequest(req, res, url);
+    return true;
+  }
+
+  if (segments.length === 3 && segments[1] === 'packs') {
+    if (req.method === 'DELETE') {
+      await handlers.handleAdminPackDeleteRequest(req, res, segments[2]);
+      return true;
+    }
+    await handlers.handleAdminPackDetailsRequest(req, res, segments[2]);
+    return true;
+  }
+
+  if (segments.length === 4 && segments[1] === 'packs' && segments[3] === 'delete') {
+    await handlers.handleAdminPackDeleteRequest(req, res, segments[2]);
+    return true;
+  }
+
+  if (segments.length === 5 && segments[1] === 'packs' && segments[3] === 'stickers') {
+    await handlers.handleAdminPackStickerDeleteRequest(req, res, segments[2], segments[4]);
+    return true;
+  }
+
+  if (segments.length === 6 && segments[1] === 'packs' && segments[3] === 'stickers' && segments[5] === 'delete') {
+    await handlers.handleAdminPackStickerDeleteRequest(req, res, segments[2], segments[4]);
+    return true;
+  }
+
+  if (segments.length === 3 && segments[1] === 'stickers') {
+    await handlers.handleAdminGlobalStickerDeleteRequest(req, res, segments[2]);
+    return true;
+  }
+
+  if (segments.length === 4 && segments[1] === 'stickers' && segments[3] === 'delete') {
+    await handlers.handleAdminGlobalStickerDeleteRequest(req, res, segments[2]);
+    return true;
+  }
+
+  if (segments.length === 2 && segments[1] === 'bans') {
+    await handlers.handleAdminBansRequest(req, res);
+    return true;
+  }
+
+  if (segments.length === 4 && segments[1] === 'bans' && segments[3] === 'revoke') {
+    await handlers.handleAdminBanRevokeRequest(req, res, segments[2]);
+    return true;
+  }
+
+  if (segments.length === 3 && segments[1] === 'bans') {
+    await handlers.handleAdminBanRevokeRequest(req, res, segments[2]);
+    return true;
+  }
+
+  sendJson(req, res, 404, { error: 'Rota admin nao encontrada.' });
+  return true;
+};

package/server/routes/sticker/catalogHandlers/catalogAuthHttp.js

@@ -0,0 +1,77 @@
+const METHOD_NOT_ALLOWED_BODY = { error: 'Metodo nao permitido.' };
+
+const isReadMethod = (method) => method === 'GET' || method === 'HEAD';
+
+export const handleCatalogAuthRoutes = async ({ req, res, pathname, url, apiBasePath, handlers, sendJson }) => {
+  if (pathname === `${apiBasePath}/auth/google/session`) {
+    await handlers.handleGoogleAuthSessionRequest(req, res);
+    return true;
+  }
+
+  if (pathname === `${apiBasePath}/auth/login`) {
+    await handlers.handlePasswordLoginRequest(req, res);
+    return true;
+  }
+
+  if (pathname === `${apiBasePath}/auth/terms/acceptance`) {
+    await handlers.handleTermsAcceptanceRequest(req, res);
+    return true;
+  }
+
+  if (pathname === `${apiBasePath}/auth/password`) {
+    await handlers.handlePasswordAuthRequest(req, res);
+    return true;
+  }
+
+  if (pathname === `${apiBasePath}/auth/password/recovery/request`) {
+    await handlers.handlePasswordRecoveryRequest(req, res);
+    return true;
+  }
+
+  if (pathname === `${apiBasePath}/auth/password/recovery/verify`) {
+    await handlers.handlePasswordRecoveryVerifyRequest(req, res);
+    return true;
+  }
+
+  const passwordRecoverySessionBasePath = `${apiBasePath}/auth/password/recovery/session`;
+  if (pathname === passwordRecoverySessionBasePath) {
+    if (isReadMethod(req.method || '')) {
+      await handlers.handlePasswordRecoverySessionStatusRequest(req, res);
+      return true;
+    }
+
+    if (req.method === 'POST') {
+      await handlers.handlePasswordRecoverySessionCreateRequest(req, res);
+      return true;
+    }
+
+    sendJson(req, res, 405, METHOD_NOT_ALLOWED_BODY);
+    return true;
+  }
+
+  if (pathname === `${passwordRecoverySessionBasePath}/request`) {
+    await handlers.handlePasswordRecoverySessionRequest(req, res);
+    return true;
+  }
+
+  if (pathname === `${passwordRecoverySessionBasePath}/verify`) {
+    await handlers.handlePasswordRecoverySessionVerifyRequest(req, res);
+    return true;
+  }
+
+  if (pathname === `${apiBasePath}/me`) {
+    if (!isReadMethod(req.method || '')) {
+      sendJson(req, res, 405, METHOD_NOT_ALLOWED_BODY);
+      return true;
+    }
+    await handlers.handleMyProfileRequest(req, res, url);
+    return true;
+  }
+
+  if (pathname === `${apiBasePath}/admin/session`) {
+    await handlers.handleAdminPanelSessionRequest(req, res);
+    return true;
+  }
+
+  return false;
+};