@omnizap-system/omnizap 2.6.1 → 2.6.3

package/.env.example

@@ -10,8 +10,6 @@
 # ==============================
 # PRIORIDADE 1 - CRITICO (startup)
 # ==============================
-BOT_NUMBER=
-BOT_PHONE_NUMBER=
 COMMAND_PREFIX="#"
 COMMAND_REACT_EMOJI=🤖
 DB_HOST=localhost
@@ -35,8 +33,6 @@ NODE_ENV=development
 OPENAI_API_KEY=
 GEMINI_API_KEY=
 GEMINI_API_BASE_URL=https://generativelanguage.googleapis.com/v1beta
-OWNER_NUMBER=5511999999999
-PHONE_NUMBER=
 PM2_APP_NAME=omnizap
 SITE_ORIGIN=https://omnizap.shop
 STICKER_API_BASE_PATH=/api/sticker-packs
@@ -46,13 +42,22 @@ SYSTEM_ADMIN_API_BASE_PATH=/api/admin
 STICKER_STORAGE_DIR=./data/stickers
 STICKER_WEB_ORIGIN=https://omnizap.shop
 STICKER_WEB_PATH=/stickers
-USER_ADMIN=seu_jid_de_admin@s.whatsapp.net
 WHATSAPP_BOT_NUMBER=5511999999999
+WHATSAPP_SUPPORT_NUMBER=5511999999999
+WHATSAPP_ADMIN_NUMBER=5511999999999
+WHATSAPP_ADMIN_JID=seu_jid_de_admin@s.whatsapp.net
 WHATSAPP_LOGIN_BASE_URL=https://omnizap.shop
 WHATSAPP_LOGIN_LINK_SECRET=troque_por_um_segredo_forte
 WHATSAPP_LOGIN_PATH=/login/
 WHATSAPP_LOGIN_TRIGGER=iniciar
-WHATSAPP_SUPPORT_NUMBER=5511999999999
+
+# Legado (compatibilidade): mantenha vazio quando usar as variaveis canonicas acima
+BOT_NUMBER=
+BOT_PHONE_NUMBER=
+OWNER_NUMBER=
+PHONE_NUMBER=
+USER_ADMIN=
+WHATSAPP_PUBLIC_CONTACT_NUMBER=
 
 # ==============================
 # PRIORIDADE 2 - OPERACAO BASE
@@ -100,6 +105,7 @@ BAILEYS_GROUP_METADATA_CACHE_CHECKPERIOD_SECONDS=60
 BAILEYS_SEND_RETRY_ATTEMPTS=2
 BAILEYS_SEND_RETRY_BASE_DELAY_MS=600
 BAILEYS_SEND_MEDIA_UPLOAD_TIMEOUT_MS=0
+BAILEYS_SEND_PREFER_PN_FOR_LID=true
 BAILEYS_VERSION=
 BAILEYS_FETCH_LATEST_VERSION=false
 BAILEYS_LOGGER_MODE=child
@@ -120,11 +126,20 @@ BAILEYS_REPLY_PRESENCE_BEFORE=composing
 BAILEYS_REPLY_PRESENCE_AFTER=paused
 BAILEYS_REPLY_PRESENCE_DELAY_MS=280
 BAILEYS_AUTH_SESSION_ID=default
+BAILEYS_SESSION_IDS=default
+BAILEYS_PRIMARY_SESSION_ID=default
+BAILEYS_SESSION_WEIGHTS=default=1
+BAILEYS_AUTH_KEYS_CACHE_ENABLED=true
 BAILEYS_AUTH_BOOTSTRAP_FROM_FILES=true
 BAILEYS_SINGLE_WRITER_LOCK_ENABLED=true
 BAILEYS_SINGLE_WRITER_LOCK_NAME=
 BAILEYS_SINGLE_WRITER_LOCK_TIMEOUT_SECONDS=2
 BAILEYS_SINGLE_WRITER_LOCK_RETRY_DELAY_MS=15000
+BAILEYS_LIBSIGNAL_RUNTIME_PATCH_ENABLED=true
+GROUP_OWNER_ENFORCEMENT_MODE=off
+GROUP_OWNER_LEASE_MS=120000
+GROUP_OWNER_HEARTBEAT_MS=30000
+GROUP_BALANCER_ENABLED=false
 BAILEYS_EVENT_BATCH_SIZE=100
 BAILEYS_EVENT_QUEUE_MAX=4000
 BAILEYS_EVENT_JOURNAL_RETENTION_DAYS=14
@@ -160,6 +175,7 @@ HOME_MARKETPLACE_STATS_CACHE_SECONDS=45
 HOSTNAME=
 IMAGE_MENU=https://example.com/assets/omnizap-banner.png
 HELMET_CONTENT_SECURITY_POLICY_ENABLED=true
+HELMET_CSP_FRAME_SRC_EXTRA=
 LID_BACKFILL_BATCH=50000
 LID_BACKFILL_ON_START=true
 COMMAND_CONFIG_VALIDATE_ON_BOOT=true
@@ -171,6 +187,7 @@ MESSAGE_REPLY_PRESENCE_BEFORE=composing
 MESSAGE_REPLY_PRESENCE_AFTER=paused
 MESSAGE_REPLY_PRESENCE_DELAY_MS=280
 MESSAGE_REPLY_PRESENCE_SUBSCRIBE=true
+CONVERSATIONAL_AUTO_REPLY_ENABLED=false
 METRICS_ENABLED=true
 METRICS_ENDPOINT=
 METRICS_HOST=127.0.0.1
@@ -308,6 +325,7 @@ WEB_USER_PASSWORD_RECOVERY_HASH_SECRET=
 WEB_URL=https://omnizap.shop
 WEB_VISITOR_COOKIE_TTL_SECONDS=31536000
 WHATSAPP_COMMAND_REQUIRES_GOOGLE_LOGIN=true
+WHATSAPP_ALLOW_SELF_COMMANDS_ON_APPEND=true
 WHATSAPP_GOOGLE_LINK_CHECK_CACHE_TTL_MS=60000
 WHATSAPP_LOGIN_LINK_TTL_SECONDS=900
 WHATSAPP_LOGIN_REQUIRE_SIGNATURE=true
@@ -320,6 +338,26 @@ FFMPEG_PATH=ffmpeg
 FFPROBE_PATH=ffprobe
 HTTP_SLO_TARGET_MS=750
 NEWS_API_URL=http://127.0.0.1:3001
+NEWS_API_ARTICLES_PATH=/articles
+NEWS_API_ARTICLE_BY_ID_PATH=/articles/:id
+NEWS_API_ARTICLE_BY_SLUG_PATH=/articles/slug/:slug
+NEWS_API_TRENDS_PATH=/trends
+NEWS_API_FRANCHISES_PATH=/franchises
+NEWS_API_FRANCHISE_BY_SLUG_PATH=/franchises/:slug
+NEWS_API_SOURCES_PATH=/sources
+NEWS_API_SOURCE_BY_ID_PATH=/sources/:sourceId
+NEWS_API_SEO_ENTITIES_PATH=/seo/entities
+NEWS_API_SEO_BY_TYPE_SLUG_PATH=/seo/:type/:slug
+NEWS_API_LIMIT=120
+NEWS_API_TIMEOUT_MS=15000
+NEWS_API_DETAILS_TIMEOUT_MS=15000
+NEWS_API_CONTEXT_TTL_MS=180000
+NEWS_API_DETAILS_CACHE_TTL_MS=360000
+NEWS_API_CONTEXT_TOP=40
+NEWS_API_LEGACY_FALLBACK=true
+NEWS_SMART_SELECTION_ENABLED=true
+NEWS_SMART_SELECTION_WINDOW=80
+NEWS_CAPTION_CONTEXT_ENABLED=true
 NEWS_SENT_IDS_LIMIT=500
 OMNIZAP_SOCIAL_METRICS=0
 OPENAI_IMAGE_MODEL=gpt-5-nano
@@ -774,23 +812,34 @@ GITHUB_REPOSITORY=Omnizap-System/omnizap
 GITHUB_TOKEN=
 GRAFANA_ADMIN_PASSWORD=admin
 GRAFANA_ADMIN_USER=admin
+GRAFANA_ALLOW_EMBEDDING=true
 GRAFANA_DASHBOARDS_PATH=./observability/grafana/dashboards
 GRAFANA_IMAGE_TAG=10.4.3
 GRAFANA_BIND_HOST=127.0.0.1
 GRAFANA_PORT=3003
+GRAFANA_PUBLIC_URL=https://omnizap.shop/api/grafana
 GRAFANA_PROVISIONING_PATH=./observability/grafana/provisioning
-GRAFANA_ROOT_URL=%(protocol)s://%(domain)s:%(http_port)s/
+GRAFANA_ROOT_URL=https://omnizap.shop/api/grafana
+GRAFANA_SERVE_FROM_SUB_PATH=true
+GRAFANA_PROXY_BASE_PATH=/api/grafana
+GRAFANA_PROXY_LEGACY_BASE_PATH=/grafana
+GRAFANA_PROXY_TARGET_URL=http://127.0.0.1:3003
+SYSTEM_ADMIN_GRAFANA_URL=https://omnizap.shop/api/grafana
+SYSTEM_ADMIN_GRAFANA_DASHBOARDS=omnizap-system-admin|System Admin,omnizap-overview|Overview,omnizap-mysql|MySQL
+SYSTEM_ADMIN_GRAFANA_TIME_FROM=now-6h
+SYSTEM_ADMIN_GRAFANA_TIME_TO=now
+SYSTEM_ADMIN_GRAFANA_REFRESH=10s
 GRAFANA_TIMEZONE=America/Boa_Vista
 LOKI_CONFIG_PATH=./observability/loki-config.yml
 LOKI_IMAGE_TAG=2.9.4
 LOKI_BIND_HOST=127.0.0.1
 LOKI_PORT=3100
 MYSQL_EXPORTER_CNF_PATH=./observability/mysql-exporter.cnf
-MYSQL_EXPORTER_DSN=exporter:exporter@(host.docker.internal:3306)/
+MYSQL_EXPORTER_DSN=exporter:exporter@unix(/run/mysqld/mysqld.sock)/
 MYSQL_EXPORTER_IMAGE_TAG=v0.15.1
 MYSQL_EXPORTER_BIND_HOST=127.0.0.1
 MYSQL_EXPORTER_PORT=9104
-MYSQL_LOGS_PATH=/var/lib/mysql
+MYSQL_LOGS_PATH=/var/log/mysql
 NODE_AUTH_TOKEN=
 NODE_EXPORTER_IMAGE_TAG=v1.7.0
 NODE_EXPORTER_BIND_HOST=127.0.0.1
@@ -860,6 +909,26 @@ WIKI_SYNC_SOURCE_DIR=./docs/wiki
 WIKI_SYNC_TMP_DIR=/tmp/omnizap-wiki-sync
 STACK_NAME=omnizap
 
+# ==============================
+# PAYMENTS (STRIPE CHECKOUT + WEBHOOK)
+# ==============================
+STRIPE_PAYMENTS_ENABLED=true
+PAYMENTS_API_BASE_PATH=/api/payments
+PAYMENTS_WEB_PATH=/pagamentos
+STRIPE_SECRET_KEY=
+STRIPE_WEBHOOK_SECRET=
+STRIPE_PRICE_ID=
+STRIPE_CHECKOUT_MODE=subscription
+STRIPE_PLAN_NAME=Plano Premium
+STRIPE_PLAN_PRICE_LABEL=Assinatura recorrente
+STRIPE_CHECKOUT_SUCCESS_URL=https://omnizap.shop/pagamentos/sucesso?session_id={CHECKOUT_SESSION_ID}
+STRIPE_CHECKOUT_CANCEL_URL=https://omnizap.shop/pagamentos/cancelado
+STRIPE_API_BASE_URL=https://api.stripe.com/v1
+STRIPE_API_TIMEOUT_MS=10000
+STRIPE_ALLOW_PROMOTION_CODES=true
+STRIPE_WEBHOOK_TOLERANCE_SECONDS=300
+STRIPE_AUTO_REVOKE_ON_CANCELLATION=false
+
 # ==============================
 # EMAIL AUTOMATION (SMTP/OUTBOX)
 # ==============================

package/.github/workflows/ci.yml

@@ -57,6 +57,9 @@ jobs:
       - name: Install dependencies
         run: npm ci
 
+      - name: DB bootstrap smoke test
+        run: npm run db:init
+
       - name: Check formatting
         run: npm run format:check
 
@@ -68,6 +71,3 @@ jobs:
 
       - name: Build
         run: npm run build
-
-      - name: DB bootstrap smoke test
-        run: npm run db:init

package/.github/workflows/security-runner-hardening.yml

@@ -18,7 +18,7 @@ jobs:
     timeout-minutes: 10
     steps:
       - name: Harden runner
-        uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc
+        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594
         with:
           egress-policy: audit
 

package/.github/workflows/security-zap-full-scan.yml

@@ -39,5 +39,6 @@ jobs:
         with:
           target: ${{ env.TARGET_URL }}
           fail_action: false
+          artifact_name: zap-scan-full
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

package/app/config/index.js

@@ -1,4 +1,10 @@
+/**
+ * Barrel de configuração da aplicação.
+ * Reexporta utilitários de Baileys, grupos, identidade admin, logger e sessão.
+ */
 export * from '../configParts/baileysConfig.js';
 export * from '../configParts/groupUtils.js';
 export * from '../configParts/adminIdentity.js';
 export * from '../configParts/loggerConfig.js';
+export * from '../configParts/sessionConfig.js';
+export * from '../../utils/whatsapp/contactEnv.js';

package/app/configParts/adminIdentity.js

@@ -1,12 +1,18 @@
 import { encodeJid, getJidUser, isSameJidUser, normalizeJid } from './baileysConfig.js';
 import { extractUserIdInfo, resolveUserId, resolveUserIdCached } from './baileysConfig.js';
-
-const ADMIN_ENV_KEY = 'USER_ADMIN';
-
-const normalizePhoneDigits = (value) => String(value || '').replace(/\D+/g, '');
-
-export const getAdminRawValue = () => String(process.env[ADMIN_ENV_KEY] || '').trim();
-
+import { normalizePhoneDigits, resolveAdminIdentityRawFromEnv, resolveAdminPhoneFromEnv } from '../../utils/whatsapp/contactEnv.js';
+
+/**
+ * Retorna o valor bruto configurado para identidade de admin.
+ * @returns {string}
+ */
+export const getAdminRawValue = () => resolveAdminIdentityRawFromEnv();
+
+/**
+ * Resolve o JID do administrador com base no valor de ambiente.
+ * Aceita JID completo ou telefone numérico.
+ * @returns {string|null}
+ */
 export const getAdminJid = () => {
   const raw = getAdminRawValue();
   if (!raw) return null;
@@ -27,7 +33,15 @@ export const getAdminJid = () => {
   return normalizedResolved || candidate;
 };
 
+/**
+ * Resolve o telefone do administrador.
+ * Prioriza `ADMIN_PHONE` explícito e faz fallback para JID/identidade.
+ * @returns {string|null}
+ */
 export const getAdminPhone = () => {
+  const explicitAdminPhone = resolveAdminPhoneFromEnv({ fallback: '' });
+  if (explicitAdminPhone) return explicitAdminPhone;
+
   const adminJid = getAdminJid();
   if (!adminJid) return null;
 
@@ -38,6 +52,10 @@ export const getAdminPhone = () => {
   return digits || null;
 };
 
+/**
+ * Resolve o JID do admin consultando reconciliação LID/JID quando disponível.
+ * @returns {Promise<string|null>}
+ */
 export const resolveAdminJid = async () => {
   const cached = getAdminJid();
   if (!cached) return null;
@@ -50,6 +68,11 @@ export const resolveAdminJid = async () => {
   }
 };
 
+/**
+ * Verifica se um JID de remetente corresponde ao administrador.
+ * @param {string|null|undefined} senderJid
+ * @returns {boolean}
+ */
 export const isAdminSender = (senderJid) => {
   const adminJid = getAdminJid();
   if (!adminJid || !senderJid) return false;
@@ -60,6 +83,12 @@ export const isAdminSender = (senderJid) => {
   return isSameJidUser(normalizedSender, adminJid) || normalizedSender === adminJid;
 };
 
+/**
+ * Verifica se a identidade do remetente corresponde ao administrador.
+ * Considera candidatos `jid`, `lid`, `participantAlt` e resolução assíncrona.
+ * @param {unknown} senderIdentity
+ * @returns {Promise<boolean>}
+ */
 export const isAdminSenderAsync = async (senderIdentity) => {
   const senderInfo = extractUserIdInfo(senderIdentity);
   if (!senderInfo.raw && !senderInfo.jid && !senderInfo.lid && !senderInfo.participantAlt) return false;