@raevon/n8n-nodes-whatsapp 1.0.0 → 1.0.2

package/dist/credentials/WhatsAppApi.credentials.js

@@ -1,6 +1,10 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.WhatsAppApi = void 0;
+// Note: WhatsApp uses WebSocket (not HTTP), so n8n's ICredentialTestRequest
+// can't test the connection. Session validation happens at socket connection
+// time in ensureConnected(). If the session is invalid, the first node
+// execution will trigger QR login automatically.
 class WhatsAppApi {
     constructor() {
         this.name = 'whatsappApi';

package/dist/nodes/WhatsApp/WhatsAppApiHelper.js

@@ -51,7 +51,17 @@ const node_http_1 = __importDefault(require("node:http"));
 const node_url_1 = require("node:url");
 const sleep = (ms) => new Promise(resolve => setTimeout(resolve, ms));
 const randBetween = (min, max) => max > min ? min + Math.floor(Math.random() * (max - min + 1)) : min;
+// I8: Extracted ~ path expansion to avoid duplication
+function expandHome(p) {
+    if (!p.startsWith('~'))
+        return p;
+    return node_path_1.default.join(process.env.HOME || process.env.USERPROFILE || '', p.slice(1));
+}
 // --- Singleton socket manager ---
+// NOTE: This singleton is shared across ALL n8n workflow executions using the same credential.
+// Anti-ban counters (sentTodayCount, sentInBurst, nextSendAt) are module-level — two workflows
+// burning through the same daily limit will share the counter. This is intentional for a
+// single-credential setup. Multi-credential support would require a Map<sessionPath, State>.
 let socketInstance = null;
 let socketStatus = 'stopped';
 let socketConfig = null;
@@ -65,7 +75,9 @@ let reconnectAttempts = 0;
 let reconnectTimer = null;
 let qrResolve = null;
 let qrHttpServer = null;
+let qrTimeout = null; // C3: Store timeout ref for cleanup
 let latestQr = null;
+let generation = 0; // #10: Generation counter — prevents stale handlers on reconnect
 function todayStartIso() {
     return new Date().toISOString().slice(0, 10) + 'T00:00:00.000Z';
 }
@@ -115,6 +127,13 @@ function stopQrServer() {
         qrHttpServer = null;
     }
 }
+function clearQrTimeout() {
+    if (qrTimeout) {
+        clearTimeout(qrTimeout);
+        qrTimeout = null;
+    }
+}
+// #7: Reconnect backoff with jitter — exponential 1s→60s, ±20% randomization
 async function scheduleReconnect(cfg) {
     if (reconnectTimer)
         return;
@@ -129,9 +148,8 @@ async function scheduleReconnect(cfg) {
 async function initSocket(cfg, authPath) {
     if (socketInstance && socketStatus === 'connected')
         return socketInstance;
-    const resolvedPath = authPath.startsWith('~')
-        ? node_path_1.default.join(process.env.HOME || process.env.USERPROFILE || '', authPath.slice(1))
-        : authPath;
+    const gen = ++generation; // #10: Snapshot generation for this connection attempt
+    const resolvedPath = expandHome(authPath);
     if (!node_fs_1.default.existsSync(resolvedPath)) {
         node_fs_1.default.mkdirSync(resolvedPath, { recursive: true });
     }
@@ -139,11 +157,13 @@ async function initSocket(cfg, authPath) {
     const { version } = await (0, baileys_1.fetchLatestBaileysVersion)();
     const sock = (0, baileys_1.default)({
         version,
+        // #12: Browser fingerprint — appears as Ubuntu Firefox, not a bot
         browser: baileys_1.Browsers.ubuntu('n8n WhatsApp Node'),
         auth: {
             creds: state.creds,
             keys: (0, baileys_1.makeCacheableSignalKeyStore)(state.keys, { level: 'silent' }),
         },
+        // #11: Stealth flags — don't go online, don't sync history, no link previews
         markOnlineOnConnect: false,
         syncFullHistory: false,
         shouldSyncHistoryMessage: () => false,
@@ -154,16 +174,22 @@ async function initSocket(cfg, authPath) {
     socketStatus = 'connecting';
     reconnectAttempts = 0;
     sock.ev.on('creds.update', () => {
-        saveCreds().catch(() => { });
+        if (gen !== generation)
+            return; // #10: Ignore stale connection events
+        saveCreds().catch((err) => {
+            console.error('[WhatsApp] Failed to save credentials:', err.message);
+        });
     });
     sock.ev.on('connection.update', (update) => {
         var _a, _b;
+        if (gen !== generation)
+            return; // #10: Ignore stale connection events
         const { connection, lastDisconnect, qr } = update;
         if (qr) {
             latestQr = qr;
             socketStatus = 'qr_ready';
-            const qrUrl = `https://quickchart.io/qr?text=${encodeURIComponent(qr)}&size=300`;
             if (qrResolve) {
+                const qrUrl = `https://quickchart.io/qr?text=${encodeURIComponent(qr)}&size=300`;
                 qrResolve({ qr, qrUrl });
                 qrResolve = null;
             }
@@ -172,6 +198,7 @@ async function initSocket(cfg, authPath) {
             socketStatus = 'connected';
             reconnectAttempts = 0;
             latestQr = null;
+            clearQrTimeout(); // C3: Clear QR timeout on successful connection
             stopQrServer();
             return;
         }
@@ -180,6 +207,7 @@ async function initSocket(cfg, authPath) {
             if (code === baileys_1.DisconnectReason.loggedOut) {
                 socketStatus = 'logged_out';
                 socketInstance = null;
+                ++generation; // #10: Invalidate all handlers from this session
                 stopQrServer();
             }
             else {
@@ -188,6 +216,8 @@ async function initSocket(cfg, authPath) {
             }
         }
     });
+    // #8: Fire-and-forget — no receipt tracking, no delivery acks, minimal protocol chatter
+    // (Baileys doesn't auto-track receipts unless you call readMessages/sendReceipt — we don't)
     return sock;
 }
 // --- Public API ---
@@ -221,11 +251,12 @@ async function ensureConnected(cfg) {
     };
     socketConfig = antiBanCfg;
     sessionPath = cfg.sessionPath;
-    queue = new p_queue_1.default({ concurrency: 1 });
+    // C1: Guard queue creation — only create once, preserve anti-ban state across calls
+    if (!queue) {
+        queue = new p_queue_1.default({ concurrency: 1 });
+    }
     // Start QR server for first-time setup
-    const resolvedPath = cfg.sessionPath.startsWith('~')
-        ? node_path_1.default.join(process.env.HOME || process.env.USERPROFILE || '', cfg.sessionPath.slice(1))
-        : cfg.sessionPath;
+    const resolvedPath = expandHome(cfg.sessionPath);
     const hasSession = node_fs_1.default.existsSync(resolvedPath) && node_fs_1.default.readdirSync(resolvedPath).length > 0;
     if (!hasSession) {
         await startQrServer(cfg.qrPort);
@@ -235,12 +266,13 @@ async function ensureConnected(cfg) {
     if (!hasSession) {
         const qrData = await new Promise((resolve) => {
             qrResolve = resolve;
-            // Timeout after 5 minutes
-            setTimeout(() => {
+            // C3: Store timeout ref so it can be cleared on successful scan
+            qrTimeout = setTimeout(() => {
                 if (qrResolve) {
                     qrResolve(null);
                     qrResolve = null;
                 }
+                qrTimeout = null;
             }, 300000);
         });
         if (!qrData) {
@@ -296,7 +328,7 @@ async function sendMessageWithAntiBan(to, content, cfg) {
         }
     }
     const jid = normalizeRecipient(to);
-    // Recipient validation
+    // Recipient validation (#6)
     if (cfg.checkRecipientExists && !jid.endsWith('@g.us')) {
         const results = await sock.onWhatsApp(jid);
         const result = results === null || results === void 0 ? void 0 : results[0];
@@ -317,12 +349,13 @@ async function sendMessageWithAntiBan(to, content, cfg) {
         dailySendLimit: cfg.dailySendLimit,
         checkRecipientExists: cfg.checkRecipientExists,
     };
-    const result = await queue.add(async () => {
+    // #9: HTTP timeout race — if anti-ban delays push past 15s, return queued
+    const task = queue.add(async () => {
         var _a;
         const wait = nextSendAt - Date.now();
         if (wait > 0)
             await sleep(wait);
-        // Typing simulation
+        // Typing simulation (#4)
         await simulateTyping(jid, content, antiBanCfg);
         // Build message content
         const msgContent = {};
@@ -345,9 +378,9 @@ async function sendMessageWithAntiBan(to, content, cfg) {
         if (content.ptt !== undefined)
             msgContent.ptt = content.ptt;
         const response = await sock.sendMessage(jid, msgContent);
-        // Update anti-ban timing
+        // Update anti-ban timing (#2, #3)
         nextSendAt = Date.now() + sendGapMs(antiBanCfg) + burstPauseMs(antiBanCfg);
-        // Update daily count
+        // Update daily count (#5)
         if (cfg.dailySendLimit > 0)
             sentTodayCount++;
         if (!((_a = response === null || response === void 0 ? void 0 : response.key) === null || _a === void 0 ? void 0 : _a.id)) {
@@ -359,7 +392,23 @@ async function sendMessageWithAntiBan(to, content, cfg) {
             recipient: jid,
         };
     });
-    return result;
+    // #9: HTTP timeout race — hand off to background if anti-ban delay exceeds 15s
+    let timer;
+    const winner = await Promise.race([
+        task.then(result => ({ result }), error => ({ error })),
+        new Promise(resolve => { timer = setTimeout(() => resolve(null), 15000); }),
+    ]);
+    clearTimeout(timer);
+    if (!winner) {
+        // Queued behind anti-ban delays — let it send in background
+        task.then(() => { }, () => { });
+        return { messageId: 'queued', status: 'queued', recipient: jid };
+    }
+    const w = winner;
+    if (w.error) {
+        throw w.error;
+    }
+    return w.result;
 }
 function getConnectionStatus() {
     var _a;
@@ -373,7 +422,7 @@ function getConnectionStatus() {
     };
 }
 function parseIncomingMessage(msg) {
-    var _a, _b, _c, _d, _e, _f, _g;
+    var _a, _b, _c, _d, _e, _f, _g, _h;
     if (!msg.message || !msg.key || !msg.key.remoteJid)
         return null;
     let content = null;
@@ -414,10 +463,11 @@ function parseIncomingMessage(msg) {
     return {
         messageId: msg.key.id,
         chatJid: msg.key.remoteJid,
-        sender: msg.key.participant || (msg.key.remoteJid !== msg.key.participant ? msg.key.remoteJid : null),
+        // C4: Simplified sender logic — participant is sender in groups, remoteJid in DMs
+        sender: (_g = msg.key.participant) !== null && _g !== void 0 ? _g : msg.key.remoteJid,
         content: content || `[${messageType}]`,
         timestamp: new Date(timestampSeconds * 1000).toISOString(),
-        isFromMe: (_g = msg.key.fromMe) !== null && _g !== void 0 ? _g : false,
+        isFromMe: (_h = msg.key.fromMe) !== null && _h !== void 0 ? _h : false,
         messageType,
     };
 }

package/dist/nodes/WhatsApp/WhatsAppTrigger.node.js

@@ -2,8 +2,10 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.WhatsAppTrigger = void 0;
 const WhatsAppApiHelper_1 = require("./WhatsAppApiHelper");
-const messageBuffer = [];
-let socketInitialized = false;
+// Per-credential buffers — one buffer per session path
+// This ensures multiple trigger nodes with different credentials don't share messages
+const buffersBySession = new Map();
+const initializedBySession = new Set();
 class WhatsAppTrigger {
     constructor() {
         this.description = {
@@ -51,8 +53,14 @@ class WhatsAppTrigger {
         const cfg = await (0, WhatsAppApiHelper_1.getWhatsAppCredentials)(credentials);
         const chatFilter = this.getNodeParameter('chatJidFilter', '');
         const onlyText = this.getNodeParameter('onlyText', false);
-        // Initialize socket listener once
-        if (!socketInitialized) {
+        const sessionKey = cfg.sessionPath;
+        // Get or create buffer for this credential
+        if (!buffersBySession.has(sessionKey)) {
+            buffersBySession.set(sessionKey, []);
+        }
+        const buffer = buffersBySession.get(sessionKey);
+        // Initialize socket listener once per credential
+        if (!initializedBySession.has(sessionKey)) {
             const sock = await (0, WhatsAppApiHelper_1.ensureConnected)(cfg);
             sock.ev.on('messages.upsert', (upsert) => {
                 const { messages, type } = upsert;
@@ -68,15 +76,15 @@ class WhatsAppTrigger {
                         continue;
                     if (onlyText && parsed.messageType !== 'conversation' && parsed.messageType !== 'extendedTextMessage')
                         continue;
-                    messageBuffer.push(parsed);
+                    buffer.push(parsed);
                 }
             });
-            socketInitialized = true;
+            initializedBySession.add(sessionKey);
         }
         // Return buffered messages
-        if (messageBuffer.length === 0)
+        if (buffer.length === 0)
             return null;
-        const messages = messageBuffer.splice(0, messageBuffer.length);
+        const messages = buffer.splice(0, buffer.length);
         return [messages.map((msg) => ({
                 json: msg,
                 pairedItem: { item: 0 },

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@raevon/n8n-nodes-whatsapp",
-  "version": "1.0.0",
+  "version": "1.0.2",
   "description": "n8n community node for WhatsApp — send and receive messages with anti-ban protection via the Baileys library",
   "keywords": [
     "n8n-community-node-package",
@@ -35,9 +35,7 @@
   },
   "dependencies": {
     "@whiskeysockets/baileys": "^7.0.0-rc13",
-    "p-queue": "^8.0.1",
-    "pino": "^9.6.0",
-    "open": "^10.1.0"
+    "p-queue": "^8.0.1"
   },
   "devDependencies": {
     "@types/node": "^20.19.39",