@omnizap-system/omnizap 2.6.1 → 2.6.3

package/app/connection/socketController.multiSession.test.js

@@ -0,0 +1,128 @@
+import test from 'node:test';
+import assert from 'node:assert/strict';
+
+import { createGroupOwnerWriteStateResolver } from './groupOwnerWriteStateResolver.js';
+
+/**
+ * Cria um cache em memória simples para testes.
+ * @returns {{get: (key: string) => any, set: (key: string, value: any) => boolean, del: (key: string) => boolean, keys: () => string[]}}
+ */
+const createCache = () => {
+  const map = new Map();
+  return {
+    get: (key) => map.get(key),
+    set: (key, value) => {
+      map.set(key, value);
+      return true;
+    },
+    del: (key) => map.delete(key),
+    keys: () => Array.from(map.keys()),
+  };
+};
+
+/**
+ * Monta a chave de cache por sessão e grupo.
+ * @param {string} groupJid
+ * @param {string} sessionId
+ * @returns {string}
+ */
+const buildCacheKey = (groupJid, sessionId) => `${sessionId}:${groupJid}`;
+
+/**
+ * Normaliza o ID da sessão para os cenários de teste.
+ * @param {string | null | undefined} value
+ * @returns {string}
+ */
+const normalizeSessionId = (value) => String(value || '').trim() || 'default';
+/**
+ * Verifica se o JID pertence a grupo.
+ * @param {string | null | undefined} jid
+ * @returns {boolean}
+ */
+const isGroupJid = (jid) => String(jid || '').endsWith('@g.us');
+
+test('socketController multi-session: fencing token por assignment_version invalida writer stale', async () => {
+  let ownerState = {
+    ownerSessionId: 'session-a',
+    assignmentVersion: 1,
+  };
+
+  const resolver = createGroupOwnerWriteStateResolver({
+    buildCacheKeyImpl: buildCacheKey,
+    getOwnerImpl: async () => ownerState,
+    tryAcquireImpl: async () => ({ acquired: false, reason: 'claim_disabled' }),
+    cacheImpl: createCache(),
+    isGroupJidImpl: isGroupJid,
+    normalizeSessionIdImpl: normalizeSessionId,
+    loggerImpl: { warn: () => {} },
+  });
+
+  const first = await resolver('120363555555555555@g.us', 'session-a', {
+    allowClaim: false,
+    source: 'test_first',
+  });
+  assert.equal(first.allowed, true);
+  assert.equal(first.assignmentVersion, 1);
+
+  ownerState = {
+    ownerSessionId: 'session-a',
+    assignmentVersion: 2,
+  };
+
+  const stale = await resolver('120363555555555555@g.us', 'session-a', {
+    allowClaim: false,
+    source: 'test_stale',
+    expectedAssignmentVersion: 1,
+    enforceFence: true,
+  });
+  assert.equal(stale.allowed, false);
+  assert.equal(stale.reason, 'fence_token_mismatch');
+  assert.equal(stale.assignmentVersion, 2);
+});
+
+test('socketController multi-session: sessão antiga perde escrita após failover de owner', async () => {
+  let ownerState = {
+    ownerSessionId: 'session-a',
+    assignmentVersion: 7,
+  };
+
+  const resolver = createGroupOwnerWriteStateResolver({
+    buildCacheKeyImpl: buildCacheKey,
+    getOwnerImpl: async () => ownerState,
+    tryAcquireImpl: async () => ({ acquired: false, reason: 'claim_disabled' }),
+    cacheImpl: createCache(),
+    isGroupJidImpl: isGroupJid,
+    normalizeSessionIdImpl: normalizeSessionId,
+    loggerImpl: { warn: () => {} },
+  });
+
+  const beforeFailover = await resolver('120363666666666666@g.us', 'session-a', {
+    allowClaim: false,
+    source: 'before_failover',
+  });
+  assert.equal(beforeFailover.allowed, true);
+  assert.equal(beforeFailover.assignmentVersion, 7);
+
+  ownerState = {
+    ownerSessionId: 'session-b',
+    assignmentVersion: 8,
+  };
+
+  const staleOwner = await resolver('120363666666666666@g.us', 'session-a', {
+    allowClaim: false,
+    source: 'after_failover_old_owner',
+    expectedAssignmentVersion: 7,
+    enforceFence: true,
+  });
+  assert.equal(staleOwner.allowed, false);
+  assert.equal(staleOwner.reason, 'owned_by_other');
+
+  const newOwner = await resolver('120363666666666666@g.us', 'session-b', {
+    allowClaim: false,
+    source: 'after_failover_new_owner',
+    expectedAssignmentVersion: 8,
+    enforceFence: true,
+  });
+  assert.equal(newOwner.allowed, true);
+  assert.equal(newOwner.assignmentVersion, 8);
+});

package/app/controllers/messageController.js

@@ -4,4 +4,4 @@ import { handleMessagesThroughPipeline } from './messageProcessingPipeline.js';
  * Facade do controller de mensagens.
  * Mantem assinatura/compatibilidade enquanto delega ao pipeline modular.
  */
-export const handleMessages = async (update, sock) => handleMessagesThroughPipeline(update, sock);
+export const handleMessages = async (update, sock, options = {}) => handleMessagesThroughPipeline(update, sock, options);

package/app/controllers/messagePipeline/commandMiddleware.js

@@ -42,17 +42,19 @@ export const createCommandMiddleware = ({ isAdminCommand, isKnownNonAdminCommand
       }
     }
 
-    if (COMMAND_REACT_EMOJI) {
-      try {
-        await sendAndStore(ctx.sock, ctx.remoteJid, {
-          react: {
-            text: COMMAND_REACT_EMOJI,
-            key: ctx.key,
-          },
+    if (COMMAND_REACT_EMOJI?.trim() && ctx?.key) {
+      sendAndStore(ctx.sock, ctx.remoteJid, {
+        react: {
+          text: COMMAND_REACT_EMOJI,
+          key: ctx.key,
+        },
+      }).catch((error) => {
+        logger.warn('Falha ao enviar reação de comando', {
+          error: error?.message,
+          jid: ctx.remoteJid,
+          messageId: ctx.key?.id,
         });
-      } catch (error) {
-        logger.warn('Falha ao enviar reação de comando:', error?.message);
-      }
+      });
     }
 
     const execution = await executeMessageCommandRoute({

package/app/controllers/messagePipeline/conversationMiddleware.js

@@ -1,4 +1,4 @@
-export const createConversationMiddleware = ({ logger, resolveSenderAdminForContext, resolveSenderOwnerForContext, resolveHasGoogleLoginForContext, isUserAdmin, isAdminSenderAsync, resolveCanonicalSenderJidForContext, isWhatsAppUserLinkedToGoogleWebAccount, WHATSAPP_COMMAND_REQUIRES_GOOGLE_LOGIN, ensureUserHasGoogleWebLoginForCommand, executeMessageCommandRoute, isAdminCommand, runCommand, sendReply, routeConversationMessage, stopMessagePipeline }) => {
+export const createConversationMiddleware = ({ logger, resolveSenderAdminForContext, resolveSenderOwnerForContext, resolveHasGoogleLoginForContext, isUserAdmin, isAdminSenderAsync, resolveCanonicalSenderJidForContext, isWhatsAppUserLinkedToGoogleWebAccount, WHATSAPP_COMMAND_REQUIRES_GOOGLE_LOGIN, ensureUserHasGoogleWebLoginForCommand, executeMessageCommandRoute, isAdminCommand, runCommand, sendReply, routeConversationMessage, stopMessagePipeline, conversationAutoReplyEnabled = true }) => {
   const resolveToolSecurityContextForConversation = async (ctx) => {
     if (ctx.memo.toolSecurityContext) return ctx.memo.toolSecurityContext;
 
@@ -133,6 +133,7 @@ export const createConversationMiddleware = ({ logger, resolveSenderAdminForCont
   };
 
   return async (ctx) => {
+    if (!conversationAutoReplyEnabled) return null;
     if (ctx.isCommandMessage || ctx.isMessageFromBot || !ctx.isNotifyUpsert) return null;
 
     try {

package/app/controllers/messagePipeline/messagePipelineMiddlewares.test.js

@@ -26,6 +26,8 @@ const createBaseContext = (overrides = {}) => ({
   mediaEntries: [],
   upsertType: 'notify',
   isNotifyUpsert: true,
+  sessionId: 'session-default',
+  ownerSessionId: null,
   isCommandMessage: false,
   hasCommandPrefix: false,
   analysisPayload: {
@@ -166,6 +168,108 @@ test('pre-processing trata trigger de iniciar login', async () => {
   assert.equal(stopSpy.calls[0].metadataPatch.flow, 'whatsapp_google_login');
 });
 
+test('pre-processing owner gate bloqueia sessao nao-owner em modo enforce', async () => {
+  const stopSpy = createStopSpy();
+
+  const middlewares = createPreProcessingMiddlewares({
+    executeQuery: async () => [],
+    TABLES: { RPG_PLAYER: 'rpg_player' },
+    isStatusJid: () => false,
+    stopMessagePipeline: stopSpy.stopMessagePipeline,
+    handleAntiLink: async () => false,
+    ensureCommandPrefixForContext: async () => '/',
+    resolveCaptchaByMessage: async () => {},
+    maybeHandleStartLoginMessage: async () => false,
+    mergeAnalysisMetadata: (analysisPayload, patch) => {
+      analysisPayload.metadata = {
+        ...(analysisPayload.metadata || {}),
+        ...(patch || {}),
+      };
+    },
+    ensureGroupConfigForContext: async () => ({}),
+    resolveStickerFocusState: () => ({ enabled: false }),
+    resolveStickerFocusMessageClassification: () => ({ isThrottleCandidate: false }),
+    resolveGroupOwnerForContext: async (ctx) => {
+      ctx.ownerSessionId = 'session-owner';
+      return { ownerSessionId: 'session-owner' };
+    },
+    ownerEnforcementMode: 'enforce',
+    primarySessionId: 'session-primary',
+    isUserAdmin: async () => false,
+    canSendMessageInStickerFocus: () => ({ allowed: true, remainingMs: 0 }),
+    registerMessageUsageInStickerFocus: () => {},
+    shouldSendStickerFocusWarning: () => false,
+    sendReply: async () => {},
+    formatStickerFocusRuleLabel: () => '',
+    formatRemainingMinutesLabel: () => 1,
+    logger: { warn: () => {}, info: () => {} },
+  });
+
+  const ctx = createBaseContext({
+    sessionId: 'session-worker',
+    isGroupMessage: true,
+    remoteJid: '120363111111111111@g.us',
+  });
+  const result = await middlewares.enforceGroupOwnerMiddleware(ctx);
+
+  assert.deepEqual(result, { stop: true });
+  assert.equal(stopSpy.calls.length, 1);
+  assert.equal(stopSpy.calls[0].processingResult, 'blocked_group_owner_enforcement');
+  assert.equal(ctx.analysisPayload.metadata.owner_enforcement_result, 'blocked_non_owner');
+  assert.equal(ctx.analysisPayload.metadata.owner_session_id, 'session-owner');
+});
+
+test('pre-processing owner gate apenas loga em modo shadow para sessao nao-owner', async () => {
+  const stopSpy = createStopSpy();
+  const infoLogs = [];
+
+  const middlewares = createPreProcessingMiddlewares({
+    executeQuery: async () => [],
+    TABLES: { RPG_PLAYER: 'rpg_player' },
+    isStatusJid: () => false,
+    stopMessagePipeline: stopSpy.stopMessagePipeline,
+    handleAntiLink: async () => false,
+    ensureCommandPrefixForContext: async () => '/',
+    resolveCaptchaByMessage: async () => {},
+    maybeHandleStartLoginMessage: async () => false,
+    mergeAnalysisMetadata: (analysisPayload, patch) => {
+      analysisPayload.metadata = {
+        ...(analysisPayload.metadata || {}),
+        ...(patch || {}),
+      };
+    },
+    ensureGroupConfigForContext: async () => ({}),
+    resolveStickerFocusState: () => ({ enabled: false }),
+    resolveStickerFocusMessageClassification: () => ({ isThrottleCandidate: false }),
+    resolveGroupOwnerForContext: async (ctx) => {
+      ctx.ownerSessionId = 'session-owner';
+      return { ownerSessionId: 'session-owner' };
+    },
+    ownerEnforcementMode: 'shadow',
+    primarySessionId: 'session-primary',
+    isUserAdmin: async () => false,
+    canSendMessageInStickerFocus: () => ({ allowed: true, remainingMs: 0 }),
+    registerMessageUsageInStickerFocus: () => {},
+    shouldSendStickerFocusWarning: () => false,
+    sendReply: async () => {},
+    formatStickerFocusRuleLabel: () => '',
+    formatRemainingMinutesLabel: () => 1,
+    logger: { warn: () => {}, info: (msg, payload) => infoLogs.push({ msg, payload }) },
+  });
+
+  const ctx = createBaseContext({
+    sessionId: 'session-worker',
+    isGroupMessage: true,
+  });
+  const result = await middlewares.enforceGroupOwnerMiddleware(ctx);
+
+  assert.equal(result, null);
+  assert.equal(stopSpy.calls.length, 0);
+  assert.equal(ctx.pipelineStopped, false);
+  assert.equal(ctx.analysisPayload.metadata.owner_enforcement_result, 'shadow_non_owner');
+  assert.equal(infoLogs.length, 1);
+});
+
 test('conversation middleware responde e interrompe pipeline', async () => {
   const stopSpy = createStopSpy();
   const replies = [];

package/app/controllers/messagePipeline/preProcessingMiddlewares.js

@@ -1,4 +1,9 @@
-export const createPreProcessingMiddlewares = ({ executeQuery, TABLES, isStatusJid, stopMessagePipeline, handleAntiLink, ensureCommandPrefixForContext, resolveCaptchaByMessage, maybeHandleStartLoginMessage, mergeAnalysisMetadata, ensureGroupConfigForContext, resolveStickerFocusState, resolveStickerFocusMessageClassification, resolveSenderAdminForContext, isUserAdmin, canSendMessageInStickerFocus, registerMessageUsageInStickerFocus, shouldSendStickerFocusWarning, sendReply, formatStickerFocusRuleLabel, formatRemainingMinutesLabel, logger }) => {
+export const createPreProcessingMiddlewares = ({ executeQuery, TABLES, isStatusJid, stopMessagePipeline, handleAntiLink, ensureCommandPrefixForContext, resolveCaptchaByMessage, maybeHandleStartLoginMessage, mergeAnalysisMetadata, ensureGroupConfigForContext, resolveStickerFocusState, resolveStickerFocusMessageClassification, resolveGroupOwnerForContext, ownerEnforcementMode = 'off', primarySessionId = 'default', allowSelfCommandsOnAppend = true, resolveSenderAdminForContext, isUserAdmin, canSendMessageInStickerFocus, registerMessageUsageInStickerFocus, shouldSendStickerFocusWarning, sendReply, formatStickerFocusRuleLabel, formatRemainingMinutesLabel, logger }) => {
+  const normalizedOwnerEnforcementMode = String(ownerEnforcementMode || 'off')
+    .trim()
+    .toLowerCase();
+  const effectiveOwnerEnforcementMode = normalizedOwnerEnforcementMode === 'enforce' || normalizedOwnerEnforcementMode === 'shadow' ? normalizedOwnerEnforcementMode : 'off';
+
   const touchSenderLastSeenMiddleware = async (ctx) => {
     if (!ctx.senderJid || isStatusJid(ctx.remoteJid)) return;
 
@@ -21,6 +26,78 @@ export const createPreProcessingMiddlewares = ({ executeQuery, TABLES, isStatusJ
     });
   };
 
+  const enforceGroupOwnerMiddleware = async (ctx) => {
+    if (!ctx.isGroupMessage) return null;
+
+    mergeAnalysisMetadata(ctx.analysisPayload, {
+      owner_enforcement_mode: effectiveOwnerEnforcementMode,
+      processing_session_id: ctx.sessionId,
+    });
+
+    if (effectiveOwnerEnforcementMode === 'off') return null;
+
+    if (typeof resolveGroupOwnerForContext !== 'function') {
+      logger.warn('Middleware de owner enforcement sem resolver de owner configurado.', {
+        action: 'group_owner_enforcement_missing_resolver',
+        sessionId: ctx.sessionId,
+        groupId: ctx.remoteJid,
+      });
+      return null;
+    }
+
+    const ownerState = await resolveGroupOwnerForContext(ctx);
+    const ownerSessionId = String(ctx.ownerSessionId || ownerState?.ownerSessionId || '').trim() || null;
+    ctx.ownerSessionId = ownerSessionId;
+
+    mergeAnalysisMetadata(ctx.analysisPayload, {
+      owner_session_id: ownerSessionId,
+    });
+
+    if (!ownerSessionId) {
+      mergeAnalysisMetadata(ctx.analysisPayload, {
+        owner_enforcement_result: 'owner_not_found',
+      });
+      return null;
+    }
+
+    const currentSessionId = String(ctx.sessionId || '').trim() || primarySessionId;
+    const isOwnerSession = ownerSessionId === currentSessionId;
+    if (isOwnerSession) {
+      mergeAnalysisMetadata(ctx.analysisPayload, {
+        owner_enforcement_result: 'owner_match',
+      });
+      return null;
+    }
+
+    if (effectiveOwnerEnforcementMode === 'shadow') {
+      mergeAnalysisMetadata(ctx.analysisPayload, {
+        owner_enforcement_result: 'shadow_non_owner',
+      });
+      logger.info('Owner enforcement (shadow): sessao nao-owner detectada no grupo.', {
+        action: 'group_owner_enforcement_shadow_non_owner',
+        groupId: ctx.remoteJid,
+        sessionId: currentSessionId,
+        ownerSessionId,
+        messageId: ctx.key?.id || null,
+      });
+      return null;
+    }
+
+    mergeAnalysisMetadata(ctx.analysisPayload, {
+      owner_enforcement_result: 'blocked_non_owner',
+      blocked_by: 'group_owner_enforcement',
+    });
+    logger.info('Owner enforcement: mensagem bloqueada em sessao nao-owner.', {
+      action: 'group_owner_enforcement_blocked_non_owner',
+      groupId: ctx.remoteJid,
+      sessionId: currentSessionId,
+      ownerSessionId,
+      messageId: ctx.key?.id || null,
+      isCommand: ctx.isCommandMessage,
+    });
+    return stopMessagePipeline(ctx, 'blocked_group_owner_enforcement');
+  };
+
   const applyGroupPolicyMiddleware = async (ctx) => {
     if (!ctx.isGroupMessage) return null;
 
@@ -79,12 +156,26 @@ export const createPreProcessingMiddlewares = ({ executeQuery, TABLES, isStatusJ
 
   const detectCommandIntentMiddleware = async (ctx) => {
     ctx.hasCommandPrefix = ctx.extractedText.startsWith(ctx.commandPrefix);
-    ctx.isCommandMessage = ctx.hasCommandPrefix && ctx.isNotifyUpsert;
+    const isSelfAppendCommand =
+      allowSelfCommandsOnAppend &&
+      ctx.hasCommandPrefix &&
+      !ctx.isNotifyUpsert &&
+      String(ctx.upsertType || '')
+        .trim()
+        .toLowerCase() === 'append' &&
+      ctx.isMessageFromBot;
+    ctx.isCommandMessage = ctx.hasCommandPrefix && (ctx.isNotifyUpsert || isSelfAppendCommand);
 
     ctx.analysisPayload.isCommand = ctx.isCommandMessage;
     ctx.analysisPayload.commandPrefix = ctx.commandPrefix;
 
-    if (ctx.hasCommandPrefix && !ctx.isNotifyUpsert) {
+    if (isSelfAppendCommand) {
+      mergeAnalysisMetadata(ctx.analysisPayload, {
+        command_detected_via: 'append_from_me',
+      });
+    }
+
+    if (ctx.hasCommandPrefix && !ctx.isCommandMessage) {
       mergeAnalysisMetadata(ctx.analysisPayload, {
         command_suppressed_reason: 'non_notify_upsert',
       });
@@ -129,7 +220,7 @@ export const createPreProcessingMiddlewares = ({ executeQuery, TABLES, isStatusJ
       if (shouldSendStickerFocusWarning({ groupId: ctx.remoteJid, senderJid: ctx.senderJid })) {
         try {
           await sendReply(ctx.sock, ctx.remoteJid, ctx.messageInfo, ctx.expirationMessage, {
-            text: '🖼️ Este chat está com *foco em sticker* ativo.\n' + 'Siga o padrão: envie apenas *imagens* ou *vídeos* para criação automática, ou compartilhe seus *stickers*.\n' + `Mensagens como texto e áudio seguem uma janela de tempo: *${formatStickerFocusRuleLabel(stickerFocusState)}*.\n` + `Tente novamente em ~${formatRemainingMinutesLabel(messageGate.remainingMs)} min ou peça para um admin abrir a janela com *${ctx.commandPrefix}chatwindow on*.`,
+            text: '🖼️ *Modo Sticker ativo!*\n\n' + 'Este chat está focado em *stickers automáticos*.\n' + '👉 Envie apenas *imagens* ou *vídeos* para gerar stickers,\n' + '👉 Ou compartilhe *stickers* normalmente.\n\n' + '⏳ *Texto e áudio estão temporariamente limitados*.\n' + `Janela atual: *${formatStickerFocusRuleLabel(stickerFocusState)}*\n` + `Tente novamente em ~${formatRemainingMinutesLabel(messageGate.remainingMs)}.\n\n` + `💡 Um admin pode liberar com: *${ctx.commandPrefix}chatwindow on*`,
           });
         } catch (error) {
           logger.warn('Falha ao enviar aviso de sticker focus.', {
@@ -157,6 +248,7 @@ export const createPreProcessingMiddlewares = ({ executeQuery, TABLES, isStatusJ
   return {
     touchSenderLastSeenMiddleware,
     ignoreUnprocessableMessageMiddleware,
+    enforceGroupOwnerMiddleware,
     applyGroupPolicyMiddleware,
     resolveCaptchaMiddleware,
     handleStartLoginTriggerMiddleware,