@omnizap-system/omnizap 2.6.0 → 2.6.2

package/server/controllers/admin/systemAdminController.js

@@ -1,8 +1,17 @@
 import fs from 'node:fs/promises';
 import path from 'node:path';
+import { timingSafeEqual } from 'node:crypto';
 import { URL } from 'node:url';
 
 import logger from '#logger';
+import {
+  forceSystemAdminGroupFailover,
+  listSystemAdminAssignmentHistory,
+  listSystemAdminAssignments,
+  listSystemAdminSessions,
+  setSystemAdminGroupPin,
+  triggerSystemAdminManualRebalance,
+} from '../system/systemController.js';
 
 const parseEnvBool = (value, fallback) => {
   if (value === undefined || value === null || value === '') return fallback;
@@ -25,6 +34,8 @@ const SYSTEM_ADMIN_API_BASE_PATH = normalizeBasePath(process.env.SYSTEM_ADMIN_AP
 const SYSTEM_ADMIN_API_SESSION_PATH = `${SYSTEM_ADMIN_API_BASE_PATH}/session`;
 const LEGACY_SYSTEM_ADMIN_API_BASE_PATH = `${LEGACY_STICKER_API_BASE_PATH}/admin`;
 const LEGACY_SYSTEM_ADMIN_API_SESSION_PATH = `${LEGACY_SYSTEM_ADMIN_API_BASE_PATH}/session`;
+const SYSTEM_ADMIN_MULTI_SESSION_API_PATH = `${SYSTEM_ADMIN_API_BASE_PATH}/multi-session`;
+const LEGACY_SYSTEM_ADMIN_MULTI_SESSION_API_PATH = `${LEGACY_SYSTEM_ADMIN_API_BASE_PATH}/multi-session`;
 const STICKER_LOGIN_WEB_PATH = normalizeBasePath(process.env.STICKER_LOGIN_WEB_PATH, '/login');
 const STICKER_WEB_PATH = normalizeBasePath(process.env.STICKER_WEB_PATH, '/stickers');
 const STICKER_ADMIN_WEB_PATH = `${STICKER_WEB_PATH}/admin`;
@@ -37,6 +48,9 @@ const SITE_ORIGIN = String(process.env.SITE_ORIGIN || 'https://omnizap.shop')
 
 const USER_SYSTEMADM_TEMPLATE_PATH = path.join(process.cwd(), 'public', 'pages', 'user-systemadm.html');
 const LEGACY_STICKER_ADMIN_TEMPLATE_PATH = path.join(process.cwd(), 'public', 'pages', 'stickers-admin.html');
+const SYSTEM_ADMIN_OPS_TOKEN = String(
+  process.env.SYSTEM_ADMIN_OPS_TOKEN || process.env.USER_INTERNAL_API_TOKEN || process.env.ADMIN_TOKEN || process.env.ADMIN_API_TOKEN || '',
+).trim();
 
 let stickerCatalogControllerPromise = null;
 const loadStickerCatalogController = async () => {
@@ -108,6 +122,106 @@ const mapAdminApiPathToLegacy = (pathname) => {
   return null;
 };
 
+const mapMultiSessionApiPath = (pathname) => {
+  if (hasPathPrefix(pathname, SYSTEM_ADMIN_MULTI_SESSION_API_PATH)) {
+    const suffix = pathname.slice(SYSTEM_ADMIN_MULTI_SESSION_API_PATH.length);
+    return suffix || '/';
+  }
+  if (hasPathPrefix(pathname, LEGACY_SYSTEM_ADMIN_MULTI_SESSION_API_PATH)) {
+    const suffix = pathname.slice(LEGACY_SYSTEM_ADMIN_MULTI_SESSION_API_PATH.length);
+    return suffix || '/';
+  }
+  return null;
+};
+
+const constantTimeStringEqual = (left, right) => {
+  const leftBuffer = Buffer.from(String(left || ''), 'utf8');
+  const rightBuffer = Buffer.from(String(right || ''), 'utf8');
+  if (!leftBuffer.length || leftBuffer.length !== rightBuffer.length) return false;
+  try {
+    return timingSafeEqual(leftBuffer, rightBuffer);
+  } catch {
+    return false;
+  }
+};
+
+const extractBearerToken = (req) => {
+  const authHeader = String(req?.headers?.authorization || '').trim();
+  if (!authHeader.toLowerCase().startsWith('bearer ')) return '';
+  return authHeader.slice(7).trim();
+};
+
+const resolveOpsTokenFromRequest = (req) =>
+  String(req?.headers?.['x-system-admin-token'] || req?.headers?.['x-internal-api-token'] || req?.headers?.['x-admin-token'] || '').trim() ||
+  extractBearerToken(req);
+
+const hasValidOpsToken = (req) => {
+  if (!SYSTEM_ADMIN_OPS_TOKEN) return true;
+  const requestToken = resolveOpsTokenFromRequest(req);
+  if (!requestToken) return false;
+  return constantTimeStringEqual(requestToken, SYSTEM_ADMIN_OPS_TOKEN);
+};
+
+const readJsonBody = async (req, { maxBytes = 64 * 1024 } = {}) =>
+  new Promise((resolve, reject) => {
+    const chunks = [];
+    let total = 0;
+
+    req.on('data', (chunk) => {
+      total += chunk.length;
+      if (total > maxBytes) {
+        const error = new Error('Payload excedeu limite permitido.');
+        error.statusCode = 413;
+        reject(error);
+        req.destroy();
+        return;
+      }
+      chunks.push(chunk);
+    });
+
+    req.on('end', () => {
+      const raw = Buffer.concat(chunks).toString('utf8').trim();
+      if (!raw) {
+        resolve({});
+        return;
+      }
+
+      try {
+        resolve(JSON.parse(raw));
+      } catch {
+        const error = new Error('JSON invalido.');
+        error.statusCode = 400;
+        reject(error);
+      }
+    });
+
+    req.on('error', (error) => reject(error));
+  });
+
+const parseBool = (value, fallback = false) => {
+  if (value === undefined || value === null || value === '') return fallback;
+  const normalized = String(value).trim().toLowerCase();
+  if (['1', 'true', 'yes', 'y', 'on'].includes(normalized)) return true;
+  if (['0', 'false', 'no', 'n', 'off'].includes(normalized)) return false;
+  return fallback;
+};
+
+const parsePositiveInt = (value, fallback = 200, min = 1, max = 5000) => {
+  const parsed = Number.parseInt(String(value ?? ''), 10);
+  if (!Number.isFinite(parsed)) return fallback;
+  return Math.max(min, Math.min(max, parsed));
+};
+
+const decodePathSegment = (value) => {
+  const raw = String(value || '').trim();
+  if (!raw) return '';
+  try {
+    return decodeURIComponent(raw);
+  } catch {
+    return raw;
+  }
+};
+
 const renderUserSystemAdminHtml = async () => {
   const template = await fs.readFile(USER_SYSTEMADM_TEMPLATE_PATH, 'utf8');
   const dataAttributes = {
@@ -124,13 +238,147 @@ const renderUserSystemAdminHtml = async () => {
   return html;
 };
 
+const requireSystemAdminOpsAccess = (req, res) => {
+  if (hasValidOpsToken(req)) return true;
+  sendJson(req, res, 401, { error: 'Nao autorizado para operacoes de system admin.' });
+  return false;
+};
+
+const normalizeMultiSessionSubPath = (value) => {
+  const raw = String(value || '/').trim();
+  if (!raw || raw === '/') return '/';
+  return `/${raw
+    .replace(/^\/+/g, '')
+    .replace(/\/+$/g, '')}`;
+};
+
+const handleMultiSessionOpsRequest = async (req, res, { pathname, url }) => {
+  if (!requireSystemAdminOpsAccess(req, res)) return true;
+
+  const subPath = normalizeMultiSessionSubPath(pathname);
+  const requestUrl = (() => {
+    try {
+      return new URL(String(url?.href || req.url || '/'), SITE_ORIGIN);
+    } catch {
+      return new URL(SITE_ORIGIN);
+    }
+  })();
+
+  if (subPath === '/sessions') {
+    if (!['GET', 'HEAD'].includes(req.method || '')) {
+      sendJson(req, res, 405, { error: 'Metodo nao permitido.' });
+      return true;
+    }
+    const payload = await listSystemAdminSessions({
+      status: requestUrl.searchParams.get('status'),
+      limit: parsePositiveInt(requestUrl.searchParams.get('limit'), 200, 1, 5000),
+    });
+    sendJson(req, res, 200, payload);
+    return true;
+  }
+
+  if (subPath === '/assignments') {
+    if (!['GET', 'HEAD'].includes(req.method || '')) {
+      sendJson(req, res, 405, { error: 'Metodo nao permitido.' });
+      return true;
+    }
+    const payload = await listSystemAdminAssignments({
+      groupJid: requestUrl.searchParams.get('group_jid'),
+      ownerSessionId: requestUrl.searchParams.get('owner_session_id'),
+      includeExpired: parseBool(requestUrl.searchParams.get('include_expired'), false),
+      limit: parsePositiveInt(requestUrl.searchParams.get('limit'), 200, 1, 5000),
+    });
+    sendJson(req, res, 200, payload);
+    return true;
+  }
+
+  if (subPath === '/history') {
+    if (!['GET', 'HEAD'].includes(req.method || '')) {
+      sendJson(req, res, 405, { error: 'Metodo nao permitido.' });
+      return true;
+    }
+    const payload = await listSystemAdminAssignmentHistory({
+      groupJid: requestUrl.searchParams.get('group_jid'),
+      limit: parsePositiveInt(requestUrl.searchParams.get('limit'), 100, 1, 5000),
+    });
+    sendJson(req, res, 200, payload);
+    return true;
+  }
+
+  if (subPath === '/rebalance') {
+    if (!['POST'].includes(req.method || '')) {
+      sendJson(req, res, 405, { error: 'Metodo nao permitido.' });
+      return true;
+    }
+    const payload = await triggerSystemAdminManualRebalance();
+    sendJson(req, res, 200, payload);
+    return true;
+  }
+
+  const groupActionMatch = subPath.match(/^\/groups\/([^/]+)\/(pin|unpin|failover)$/i);
+  if (groupActionMatch) {
+    if (!['POST'].includes(req.method || '')) {
+      sendJson(req, res, 405, { error: 'Metodo nao permitido.' });
+      return true;
+    }
+
+    const groupJid = decodePathSegment(groupActionMatch[1]);
+    const action = String(groupActionMatch[2] || '').toLowerCase();
+    const body = await readJsonBody(req).catch((error) => {
+      const statusCode = Number(error?.statusCode || 400);
+      sendJson(req, res, statusCode, { error: error?.message || 'Falha ao interpretar payload JSON.' });
+      return null;
+    });
+    if (body === null) return true;
+
+    if (action === 'pin' || action === 'unpin') {
+      const pinned = action === 'pin';
+      const payload = await setSystemAdminGroupPin({
+        groupJid,
+        pinned,
+        sessionId: body?.session_id || body?.sessionId || null,
+        reason: body?.reason || null,
+        changedBy: 'system_admin_api',
+        metadata: body?.metadata || null,
+      });
+      sendJson(req, res, 200, payload);
+      return true;
+    }
+
+    if (action === 'failover') {
+      const targetSessionId = String(body?.target_session_id || body?.targetSessionId || requestUrl.searchParams.get('target_session_id') || '')
+        .trim()
+        .slice(0, 64);
+      if (!targetSessionId) {
+        sendJson(req, res, 400, { error: 'target_session_id e obrigatorio.' });
+        return true;
+      }
+
+      const payload = await forceSystemAdminGroupFailover({
+        groupJid,
+        targetSessionId,
+        reason: body?.reason || 'admin_force_failover',
+        changedBy: 'system_admin_api',
+        metadata: body?.metadata || null,
+      });
+      sendJson(req, res, 200, payload);
+      return true;
+    }
+  }
+
+  sendJson(req, res, 404, { error: 'Endpoint de operacao multi-session nao encontrado.' });
+  return true;
+};
+
 export const getSystemAdminRouteConfig = () => ({
   webPath: USER_SYSTEMADM_WEB_PATH,
   legacyWebPath: STICKER_ADMIN_WEB_PATH,
   apiAdminBasePath: SYSTEM_ADMIN_API_BASE_PATH,
   apiAdminSessionPath: SYSTEM_ADMIN_API_SESSION_PATH,
+  apiAdminMultiSessionPath: SYSTEM_ADMIN_MULTI_SESSION_API_PATH,
   legacyApiAdminBasePath: LEGACY_SYSTEM_ADMIN_API_BASE_PATH,
   legacyApiAdminSessionPath: LEGACY_SYSTEM_ADMIN_API_SESSION_PATH,
+  legacyApiAdminMultiSessionPath: LEGACY_SYSTEM_ADMIN_MULTI_SESSION_API_PATH,
 });
 
 export const maybeHandleSystemAdminRequest = async (req, res, { pathname, url }) => {
@@ -186,6 +434,25 @@ export const maybeHandleSystemAdminRequest = async (req, res, { pathname, url })
   }
 
   if (hasPathPrefix(pathname, SYSTEM_ADMIN_API_BASE_PATH) || hasPathPrefix(pathname, LEGACY_SYSTEM_ADMIN_API_BASE_PATH)) {
+    const multiSessionPath = mapMultiSessionApiPath(pathname);
+    if (multiSessionPath !== null) {
+      try {
+        return await handleMultiSessionOpsRequest(req, res, {
+          pathname: multiSessionPath,
+          url,
+        });
+      } catch (error) {
+        logger.error('Falha ao processar endpoint operacional multi-sessao.', {
+          action: 'system_admin_multi_session_endpoint_failed',
+          method: req.method,
+          path: pathname,
+          error: error?.message,
+        });
+        sendJson(req, res, 500, { error: 'Falha interna ao processar operacao multi-sessao.' });
+        return true;
+      }
+    }
+
     const legacyPathname = mapAdminApiPathToLegacy(pathname);
     if (!legacyPathname) return false;
 

package/server/controllers/seo/stickerCatalogSeoContext.js

@@ -1,3 +1,4 @@
+import { now as __timeNow, nowIso as __timeNowIso, toUnixMs as __timeNowMs } from '#time';
 import fs from 'node:fs/promises';
 
 export const createStickerCatalogSeoContext = ({ executeQuery, tables, listStickerPacksForCatalog, logger, sendJson, toSiteAbsoluteUrl, isPackPubliclyVisible, buildPackWebUrl, config }) => {
@@ -52,7 +53,7 @@ export const createStickerCatalogSeoContext = ({ executeQuery, tables, listStick
   const buildStickersReactBundleUrl = () => appendAssetVersionQuery('/assets/js/stickers-react.bundle.js');
 
   const buildCatalogDiscoveryLinksHtml = async () => {
-    if (SEO_DISCOVERY_CACHE.expiresAt > Date.now() && SEO_DISCOVERY_CACHE.html) {
+    if (SEO_DISCOVERY_CACHE.expiresAt > __timeNowMs() && SEO_DISCOVERY_CACHE.html) {
       return SEO_DISCOVERY_CACHE.html;
     }
 
@@ -67,7 +68,7 @@ export const createStickerCatalogSeoContext = ({ executeQuery, tables, listStick
       const links = (Array.isArray(packs) ? packs : []).filter((pack) => pack?.pack_key && isPackPubliclyVisible(pack)).slice(0, seoDiscoveryLinkLimit);
 
       if (!links.length) {
-        SEO_DISCOVERY_CACHE.expiresAt = Date.now() + seoDiscoveryCacheSeconds * 1000;
+        SEO_DISCOVERY_CACHE.expiresAt = __timeNowMs() + seoDiscoveryCacheSeconds * 1000;
         SEO_DISCOVERY_CACHE.html = '';
         return '';
       }
@@ -91,7 +92,7 @@ export const createStickerCatalogSeoContext = ({ executeQuery, tables, listStick
   </section>
 </noscript>`;
 
-      SEO_DISCOVERY_CACHE.expiresAt = Date.now() + seoDiscoveryCacheSeconds * 1000;
+      SEO_DISCOVERY_CACHE.expiresAt = __timeNowMs() + seoDiscoveryCacheSeconds * 1000;
       SEO_DISCOVERY_CACHE.html = html;
       return html;
     } catch (error) {
@@ -116,7 +117,7 @@ export const createStickerCatalogSeoContext = ({ executeQuery, tables, listStick
       __INITIAL_PACK_KEY__: escapeHtmlAttribute(initialPackKey || ''),
       __CATALOG_STYLES_PATH__: escapeHtmlAttribute(buildCatalogStylesUrl()),
       __CATALOG_SCRIPT_PATH__: escapeHtmlAttribute(buildCatalogScriptUrl()),
-      __CURRENT_YEAR__: String(new Date().getFullYear()),
+      __CURRENT_YEAR__: String(__timeNow().getFullYear()),
     };
 
     let html = template;
@@ -150,7 +151,7 @@ export const createStickerCatalogSeoContext = ({ executeQuery, tables, listStick
     const coverUrl = toSiteAbsoluteUrl(packSummary?.cover_url || fallbackCoverUrl);
     const publisher = truncateText(packSummary?.publisher || 'Criador OmniZap', 80);
     const stickerCount = Math.max(0, Number(packSummary?.sticker_count || 0));
-    const updatedAt = packSummary?.updated_at || packSummary?.created_at || new Date().toISOString();
+    const updatedAt = packSummary?.updated_at || packSummary?.created_at || __timeNowIso();
     const schemaJson = JSON.stringify(
       {
         '@context': 'https://schema.org',
@@ -243,7 +244,7 @@ export const createStickerCatalogSeoContext = ({ executeQuery, tables, listStick
 
   <meta property="og:type" content="website" />
   <meta property="og:locale" content="pt_BR" />
-  <meta property="og:site_name" content="OmniZap System" />
+  <meta property="og:site_name" content="Omnizap" />
   <meta property="og:title" content="${escapeHtmlAttribute(packName)}" />
   <meta property="og:description" content="${escapeHtmlAttribute(packDescription)}" />
   <meta property="og:url" content="${escapeHtmlAttribute(canonicalUrl)}" />
@@ -337,7 +338,7 @@ export const createStickerCatalogSeoContext = ({ executeQuery, tables, listStick
       __STICKER_LOGIN_WEB_PATH__: escapeHtmlAttribute(stickerLoginWebPath),
       __STICKER_API_BASE_PATH__: escapeHtmlAttribute(stickerApiBasePath),
       __PACK_COMMAND_PREFIX__: escapeHtmlAttribute(packCommandPrefix),
-      __CURRENT_YEAR__: String(new Date().getFullYear()),
+      __CURRENT_YEAR__: String(__timeNow().getFullYear()),
     };
 
     let html = template;
@@ -348,7 +349,7 @@ export const createStickerCatalogSeoContext = ({ executeQuery, tables, listStick
   };
 
   const buildSitemapXml = async () => {
-    if (SITEMAP_CACHE.expiresAt > Date.now() && SITEMAP_CACHE.xml) {
+    if (SITEMAP_CACHE.expiresAt > __timeNowMs() && SITEMAP_CACHE.xml) {
       return SITEMAP_CACHE.xml;
     }
 
@@ -441,7 +442,7 @@ export const createStickerCatalogSeoContext = ({ executeQuery, tables, listStick
       .join('\n');
 
     const xml = `<?xml version="1.0" encoding="UTF-8"?>\n<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">\n${xmlItems}\n</urlset>\n`;
-    SITEMAP_CACHE.expiresAt = Date.now() + sitemapCacheSeconds * 1000;
+    SITEMAP_CACHE.expiresAt = __timeNowMs() + sitemapCacheSeconds * 1000;
     SITEMAP_CACHE.xml = xml;
     return xml;
   };

package/server/controllers/sticker/nonCatalogHandlers.js

@@ -1,3 +1,4 @@
+import { now as __timeNow, nowIso as __timeNowIso, toUnixMs as __timeNowMs } from '#time';
 import { withTimeout } from '../../http/httpRequestUtils.js';
 
 export const createStickerCatalogNonCatalogHandlers = ({ sendJson, sendText, logger, getSystemSummaryCached, systemSummaryCache, systemSummaryCacheSeconds, getReadmeSummaryCached, readmeSummaryCache, readmeSummaryCacheSeconds, getGlobalRankingSummaryCached, globalRankRefreshSeconds, globalRankCache, sanitizeRankingPayloadByBot, getActiveSocket, resolveBotUserCandidates, getMarketplaceGlobalStatsCached, marketplaceGlobalStatsCacheSeconds, marketplaceGlobalStatsCache, githubRepoInfo, githubProjectCacheSeconds, fetchGitHubProjectSummary, buildSupportInfo, buildBotContactInfo, getMarketplaceStatsCached, resolveGoogleWebSessionFromRequest, mapGoogleSessionResponseData, isAuthenticatedGoogleSession, stickerWebGoogleClientId, homeBootstrapExposeContact, trackWebVisitMetric, resolveVisitPathFromReferrer, normalizeCatalogVisibility }) => {
@@ -18,7 +19,7 @@ export const createStickerCatalogNonCatalogHandlers = ({ sendJson, sendText, log
       total_users: totalUsers,
       total_messages: totalMessages,
       total_commands: totalCommands,
-      updated_at: new Date().toISOString(),
+      updated_at: __timeNowIso(),
     };
 
     if (systemLatencyMs !== null) {

package/server/controllers/sticker/stickerCatalogController.js

@@ -1,3 +1,4 @@
+import { now as __timeNow, nowIso as __timeNowIso, toUnixMs as __timeNowMs } from '#time';
 import fs from 'node:fs/promises';
 import path from 'node:path';
 import { createHash, randomUUID, timingSafeEqual } from 'node:crypto';
@@ -66,6 +67,7 @@ export const stripWebpExtension = (value) =>
     .replace(/\.webp$/i, '');
 
 const clampInt = (value, fallback, min, max) => {
+  if (value === undefined || value === null || value === '') return fallback;
   const parsed = Number(value);
   if (!Number.isFinite(parsed)) return fallback;
   return Math.max(min, Math.min(max, Math.floor(parsed)));
@@ -218,7 +220,7 @@ const getCacheBucket = (cacheMap, key) => {
 
 const getCachedSnapshot = async ({ cacheMap, key, ttlSeconds, staleWhileRefresh = true, staleOnError = true, load }) => {
   const bucket = getCacheBucket(cacheMap, key);
-  const now = Date.now();
+  const now = __timeNowMs();
   const hasValue = bucket.value !== null;
   const hasFreshValue = hasValue && now < bucket.expiresAt;
 
@@ -231,7 +233,7 @@ const getCachedSnapshot = async ({ cacheMap, key, ttlSeconds, staleWhileRefresh
       .then(load)
       .then((value) => {
         bucket.value = value;
-        bucket.expiresAt = Date.now() + ttlSeconds * 1000;
+        bucket.expiresAt = __timeNowMs() + ttlSeconds * 1000;
         return value;
       })
       .finally(() => {
@@ -598,10 +600,10 @@ const buildPackPublishStateData = async (pack, { includeUploads = true, connecti
 
 const maybeCleanupStaleDraftPacks = async () => {
   if (staleDraftCleanupState.running) return;
-  if (Date.now() - staleDraftCleanupState.lastRunAt < WEB_DRAFT_CLEANUP_RUN_INTERVAL_MS) return;
+  if (__timeNowMs() - staleDraftCleanupState.lastRunAt < WEB_DRAFT_CLEANUP_RUN_INTERVAL_MS) return;
 
   staleDraftCleanupState.running = true;
-  staleDraftCleanupState.lastRunAt = Date.now();
+  staleDraftCleanupState.lastRunAt = __timeNowMs();
 
   try {
     const rows = await executeQuery(
@@ -708,7 +710,7 @@ const saveWebPackEditToken = ({ packId, ownerJid }) => {
   webPackEditTokenMap.set(token, {
     packId,
     ownerJid,
-    expiresAt: Date.now() + PACK_WEB_EDIT_TOKEN_TTL_MS,
+    expiresAt: __timeNowMs() + PACK_WEB_EDIT_TOKEN_TTL_MS,
   });
   return token;
 };
@@ -718,7 +720,7 @@ const resolveWebPackEditToken = (token) => {
   if (!normalized) return null;
   const entry = webPackEditTokenMap.get(normalized);
   if (!entry) return null;
-  if (entry.expiresAt <= Date.now()) {
+  if (entry.expiresAt <= __timeNowMs()) {
     webPackEditTokenMap.delete(normalized);
     return null;
   }
@@ -786,7 +788,7 @@ const isPreviewVariantRequested = (url) => {
 const getStickerPreviewFromCache = (cacheKey) => {
   const entry = STICKER_PREVIEW_CACHE.get(cacheKey);
   if (!entry) return null;
-  if (entry.expiresAt <= Date.now()) {
+  if (entry.expiresAt <= __timeNowMs()) {
     STICKER_PREVIEW_CACHE.delete(cacheKey);
     return null;
   }
@@ -806,7 +808,7 @@ const saveStickerPreviewToCache = (cacheKey, buffer) => {
   }
   STICKER_PREVIEW_CACHE.set(cacheKey, {
     buffer,
-    expiresAt: Date.now() + STICKER_PREVIEW_CACHE_TTL_MS,
+    expiresAt: __timeNowMs() + STICKER_PREVIEW_CACHE_TTL_MS,
   });
 };
 
@@ -963,8 +965,6 @@ const convertUploadMediaToWebp = async ({ ownerJid, buffer, mimetype }) => {
 const PACK_TAG_MARKER_REGEX = /\[pack-tags:([^\]]+)\]/i;
 const AUTO_PACK_MARKER_REGEX = /\[(?:auto-theme|auto-tag):[^\]]+\]/gi;
 const AUTO_PACK_MARKER_TEST_REGEX = /\[(?:auto-theme|auto-tag):[^\]]+\]/i;
-const AUTO_PACK_COLLECTOR_MARKER = '[auto-pack:collector]';
-const AUTO_PACK_COLLECTOR_LEGACY_TEXT = 'coleção automática de figurinhas criadas pelo usuário.';
 const AUTO_PACK_DESCRIPTION_PREFIX_REGEX = /^curadoria automática por tema\.\s*tema:\s*[^.]+\.?\s*(?:score\s*=\s*-?\d+(?:\.\d+)?\.?\s*)?/i;
 const AUTO_PACK_SCORE_FRAGMENT_REGEX = /\bscore\s*=\s*-?\d+(?:\.\d+)?\.?/gi;
 const normalizePackTag = (value) =>
@@ -1023,29 +1023,10 @@ const parsePackDescriptionMetadata = (description) => {
   };
 };
 
-const isCollectorAutoPack = (pack) => {
-  if (!pack || typeof pack !== 'object') return false;
-  const description = String(pack.description || '').toLowerCase();
-  return description.includes(AUTO_PACK_COLLECTOR_MARKER) || description.includes(AUTO_PACK_COLLECTOR_LEGACY_TEXT);
-};
-
-const isThemeCurationAutoPack = (pack) => {
-  if (!pack || typeof pack !== 'object') return false;
-  const name = String(pack.name || '').trim();
-  if (/^\[auto\]/i.test(name)) return true;
-
-  const description = String(pack.description || '').toLowerCase();
-  if (description.includes('[auto-theme:') || description.includes('[auto-tag:')) return true;
-
-  return Boolean(String(pack.pack_theme_key || '').trim());
-};
-
 const shouldHidePackFromMyProfileDefault = (pack, { includeAutoPacks = false } = {}) => {
   if (!pack || typeof pack !== 'object') return false;
   if (includeAutoPacks) return false;
-  if (isCollectorAutoPack(pack)) return false;
-  if (isThemeCurationAutoPack(pack)) return true;
-  return pack.is_auto_pack === true || Number(pack.is_auto_pack || 0) === 1;
+  return false;
 };
 
 const buildPackDescriptionWithTags = (description, tags = []) => {
@@ -1719,7 +1700,7 @@ const buildMarketplaceStatsSnapshot = async (visibility) => {
 const getMarketplaceStatsCached = async (visibility) => {
   const normalizedVisibility = normalizeCatalogVisibility(visibility);
   const bucket = getHomeMarketplaceStatsCacheBucket(normalizedVisibility);
-  const now = Date.now();
+  const now = __timeNowMs();
   const hasValue = Boolean(bucket.value);
 
   if (hasValue && now < bucket.expiresAt) {
@@ -1730,9 +1711,15 @@ const getMarketplaceStatsCached = async (visibility) => {
     bucket.pending = withTimeout(buildMarketplaceStatsSnapshot(normalizedVisibility), 5000)
       .then((data) => {
         bucket.value = data;
-        bucket.expiresAt = Date.now() + HOME_MARKETPLACE_STATS_CACHE_SECONDS * 1000;
+        bucket.expiresAt = __timeNowMs() + HOME_MARKETPLACE_STATS_CACHE_SECONDS * 1000;
         return data;
       })
+      .catch((error) => {
+        if (hasValue && bucket.value) {
+          return bucket.value;
+        }
+        throw error;
+      })
       .finally(() => {
         bucket.pending = null;
       });
@@ -2485,7 +2472,7 @@ const handleManagedPackRequest = async (req, res, packKey) => {
         deleted: true,
         pack_key: result?.deletedPack?.pack_key || normalizedPackKey,
         id: result?.deletedPack?.id || context.pack?.id || null,
-        deleted_at: toIsoOrNull(result?.deletedPack?.deleted_at || new Date()),
+        deleted_at: toIsoOrNull(result?.deletedPack?.deleted_at || __timeNow()),
         removed_sticker_count: Number(result?.removedCount || 0),
       });
     } catch (error) {
@@ -3218,7 +3205,7 @@ const handleCreatePackRequest = async (req, res) => {
   });
   const manualTags = mergeUniqueTags(Array.isArray(payload?.tags) ? payload.tags : []).slice(0, 8);
   const persistedDescription = buildPackDescriptionWithTags(description, manualTags);
-  const visibility = String(payload?.visibility || 'public')
+  const visibility = String(payload?.visibility || 'private')
     .trim()
     .toLowerCase();
   const googleSession = await resolveGoogleWebSessionFromRequest(req);
@@ -3468,7 +3455,7 @@ const handleUploadStickerToPackRequest = async (req, res, packKey) => {
             source_mimetype: decoded.mimetype || 'image/webp',
             upload_status: 'processing',
             attempt_count: 1,
-            last_attempt_at: new Date(),
+            last_attempt_at: __timeNow(),
           },
           connection,
         );
@@ -3481,7 +3468,7 @@ const handleUploadStickerToPackRequest = async (req, res, packKey) => {
             error_code: null,
             error_message: null,
             attempt_count: Math.max(1, Number(existingUpload.attempt_count || 0) + 1),
-            last_attempt_at: new Date(),
+            last_attempt_at: __timeNow(),
           },
           connection,
         );

package/server/controllers/system/contactController.js

@@ -1,13 +1,12 @@
 import logger from '#logger';
 import { getActiveSocket, getAdminPhone, getAdminRawValue, getJidUser, resolveAdminJid, resolveBotJid, extractUserIdInfo, resolveUserId } from '../../../app/config/index.js';
+import { isLikelyWhatsAppPhone, normalizePhoneDigits, resolveAdminPhoneFromEnv, resolveBotPhoneFromEnv, resolveSupportPhoneFromEnv } from '../../../utils/whatsapp/contactEnv.js';
 
 const PACK_COMMAND_PREFIX = String(process.env.COMMAND_PREFIX || '/').trim() || '/';
 
-const normalizePhoneDigits = (value) => String(value || '').replace(/\D+/g, '');
-
 const isPlausibleWhatsAppPhone = (value) => {
   const digits = normalizePhoneDigits(value);
-  return digits.length >= 10 && digits.length <= 15 ? digits : '';
+  return isLikelyWhatsAppPhone(digits) ? digits : '';
 };
 
 const resolveActiveSocketBotJid = (activeSocket) => {
@@ -26,18 +25,12 @@ export const resolveCatalogBotPhone = () => {
   const jidUser = botJid ? getJidUser(botJid) : null;
   const fromSocket = normalizePhoneDigits(jidUser || '');
 
-  if (fromSocket && fromSocket.length >= 10) {
+  if (isLikelyWhatsAppPhone(fromSocket)) {
     return fromSocket;
   }
 
-  const envCandidates = [process.env.WHATSAPP_BOT_NUMBER, process.env.BOT_NUMBER, process.env.PHONE_NUMBER, process.env.BOT_PHONE_NUMBER, process.env.USER_ADMIN];
-
-  for (const candidate of envCandidates) {
-    const digits = normalizePhoneDigits(candidate || '');
-    if (digits && digits.length >= 10 && digits.length <= 15) {
-      return digits;
-    }
-  }
+  const fromEnv = resolveBotPhoneFromEnv({ fallback: '' });
+  if (fromEnv) return fromEnv;
 
   logger.warn('Nao foi possivel resolver o numero do bot para contato.', {
     action: 'resolve_bot_phone_failed',
@@ -75,12 +68,11 @@ const resolveSupportAdminPhone = async () => {
   const adminPhone = isPlausibleWhatsAppPhone(getAdminPhone() || '');
   if (adminPhone) return adminPhone;
 
-  const candidates = [process.env.WHATSAPP_SUPPORT_NUMBER, process.env.OWNER_NUMBER, process.env.USER_ADMIN];
+  const configuredAdminPhone = resolveAdminPhoneFromEnv({ fallback: '' });
+  if (configuredAdminPhone) return configuredAdminPhone;
 
-  for (const candidate of candidates) {
-    const digits = isPlausibleWhatsAppPhone(getJidUser(candidate || '') || candidate);
-    if (digits) return digits;
-  }
+  const configuredSupportPhone = resolveSupportPhoneFromEnv({ fallback: '' });
+  if (configuredSupportPhone) return configuredSupportPhone;
 
   return '';
 };

package/server/controllers/system/githubController.js

@@ -1,3 +1,4 @@
+import { now as __timeNow, nowIso as __timeNowIso, toUnixMs as __timeNowMs } from '#time';
 import logger from '#logger';
 import { toIsoOrNull } from '../../http/httpRequestUtils.js';
 
@@ -33,7 +34,7 @@ const githubFetchJson = async (url) => {
 
   const headers = {
     Accept: 'application/vnd.github+json',
-    'User-Agent': 'omnizap-system/2.1',
+    'User-Agent': 'omnizap/2.1',
   };
 
   if (GITHUB_TOKEN) {
@@ -109,7 +110,7 @@ export const fetchGitHubProjectSummary = async () => {
     throw new Error('GITHUB_REPOSITORY invalido');
   }
 
-  const now = Date.now();
+  const now = __timeNowMs();
   if (GITHUB_PROJECT_CACHE.value && now < GITHUB_PROJECT_CACHE.expiresAt) {
     return GITHUB_PROJECT_CACHE.value;
   }