@ryuu-reinzz/baileys 3.5.0 → 5.0.0

package/lib/Utils/event-buffer.js

@@ -169,7 +169,27 @@ export const makeEventBuffer = (logger) => {
         },
         on: (...args) => ev.on(...args),
         off: (...args) => ev.off(...args),
-        removeAllListeners: (...args) => ev.removeAllListeners(...args)
+        removeAllListeners: (...args) => ev.removeAllListeners(...args),
+        destroy() {
+            // Clear buffer timeout
+            if (bufferTimeout) {
+                clearTimeout(bufferTimeout);
+                bufferTimeout = null;
+            }
+            if (flushPendingTimeout) {
+                clearTimeout(flushPendingTimeout);
+                flushPendingTimeout = null;
+            }
+            // Clear history cache
+            historyCache.clear();
+            // Reset buffer data
+            data = makeBufferData();
+            isBuffering = false;
+            bufferCount = 0;
+            // Remove all listeners
+            ev.removeAllListeners();
+            logger.debug('Event buffer destroyed');
+        }
     };
 };
 const makeBufferData = () => {
@@ -235,7 +255,33 @@ eventData, logger) {
             }
             data.historySets.empty = false;
             data.historySets.syncType = eventData.syncType;
+            if (eventData.pastParticipants?.length) {
+                const merged = new Map();
+                const sigOf = (p) => `${p.userJid || ''}:${p.leaveTs || ''}:${p.leaveReason || ''}`;
+                const ingest = (entry) => {
+                    const key = entry.groupJid ?? JSON.stringify(entry);
+                    const existing = merged.get(key);
+                    if (!existing) {
+                        merged.set(key, { ...entry, pastParticipants: [...(entry.pastParticipants || [])] });
+                        return;
+                    }
+                    const seen = new Set((existing.pastParticipants || []).map(sigOf));
+                    for (const p of entry.pastParticipants || []) {
+                        const sig = sigOf(p);
+                        if (!seen.has(sig)) {
+                            existing.pastParticipants.push(p);
+                            seen.add(sig);
+                        }
+                    }
+                };
+                for (const entry of data.historySets.pastParticipants || [])
+                    ingest(entry);
+                for (const entry of eventData.pastParticipants)
+                    ingest(entry);
+                data.historySets.pastParticipants = [...merged.values()];
+            }
             data.historySets.progress = eventData.progress;
+            data.historySets.chunkOrder = eventData.chunkOrder;
             data.historySets.peerDataRequestSessionId = eventData.peerDataRequestSessionId;
             data.historySets.isLatest = eventData.isLatest || data.historySets.isLatest;
             break;
@@ -500,9 +546,11 @@ function consolidateEvents(data) {
             chats: Object.values(data.historySets.chats),
             messages: Object.values(data.historySets.messages),
             contacts: Object.values(data.historySets.contacts),
+            pastParticipants: data.historySets.pastParticipants,
             syncType: data.historySets.syncType,
             progress: data.historySets.progress,
             isLatest: data.historySets.isLatest,
+            chunkOrder: data.historySets.chunkOrder,
             peerDataRequestSessionId: data.historySets.peerDataRequestSessionId
         };
     }

package/lib/Utils/generics.js

@@ -1,7 +1,7 @@
 import { Boom } from '@hapi/boom';
 import { createHash, randomBytes } from 'crypto';
 import { proto } from '../../WAProto/index.js';
-const baileysVersion = [2, 3000, 1033105955];
+const baileysVersion = [2, 3000, 1035194821];
 import { DisconnectReason } from '../Types/index.js';
 import { getAllBinaryNodeChildren, jidDecode } from '../WABinary/index.js';
 import { sha256 } from './crypto.js';
@@ -144,10 +144,10 @@ export const generateMessageIDV2 = (userId) => {
     const random = randomBytes(16);
     random.copy(data, 28);
     const hash = createHash('sha256').update(data).digest();
-    return '3EB0' + hash.toString('hex').toUpperCase().substring(0, 14) + "RYUU";
+    return '3EB0' + hash.toString('hex').toUpperCase().substring(0, 18);
 };
 // generate a random ID to attach to a message
-export const generateMessageID = () => '3EB0' + randomBytes(14).toString('hex').toUpperCase() + "RYUU";
+export const generateMessageID = () => '3EB0' + randomBytes(18).toString('hex').toUpperCase();
 export function bindWaitForEvent(ev, event) {
     return async (check, timeoutMs) => {
         let listener;
@@ -314,6 +314,15 @@ export const getCallStatusFromNode = ({ tag, attrs }) => {
                 status = 'terminate';
             }
             break;
+        case 'preaccept':
+            status = 'preaccept';
+            break;
+        case 'transport':
+            status = 'transport';
+            break;
+        case 'relaylatency':
+            status = 'relaylatency';
+            break;
         case 'reject':
             status = 'reject';
             break;

package/lib/Utils/history.js

@@ -1,5 +1,6 @@
+import { pipeline } from 'stream/promises';
 import { promisify } from 'util';
-import { inflate } from 'zlib';
+import { createInflate, inflate } from 'zlib';
 import { proto } from '../../WAProto/index.js';
 import { WAMessageStubType } from '../Types/index.js';
 import { isHostedLidUser, isHostedPnUser, isLidUser, isPnUser } from '../WABinary/index.js';
@@ -24,13 +25,13 @@ const extractPnFromMessages = (messages) => {
 };
 export const downloadHistory = async (msg, options) => {
     const stream = await downloadContentFromMessage(msg, 'md-msg-hist', { options });
-    const bufferArray = [];
-    for await (const chunk of stream) {
-        bufferArray.push(chunk);
-    }
-    let buffer = Buffer.concat(bufferArray);
-    // decompress buffer
-    buffer = await inflatePromise(buffer);
+    // Pipe decrypted stream directly through zlib inflate
+    // This avoids allocating an intermediate buffer for the compressed data
+    const inflater = createInflate();
+    const chunks = [];
+    inflater.on('data', (chunk) => chunks.push(chunk));
+    await pipeline(stream, inflater);
+    const buffer = Buffer.concat(chunks);
     const syncData = proto.HistorySync.decode(buffer);
     return syncData;
 };
@@ -55,6 +56,7 @@ export const processHistoryMessage = (item, logger) => {
                 contacts.push({
                     id: chat.id,
                     name: chat.displayName || chat.name || chat.username || undefined,
+                    username: chat.username || undefined,
                     lid: chat.lidJid || chat.accountLid || undefined,
                     phoneNumber: chat.pnJid || undefined
                 });
@@ -95,7 +97,7 @@ export const processHistoryMessage = (item, logger) => {
                         });
                     }
                 }
-                chats.push({ ...chat });
+                chats.push(chat);
             }
             break;
         case proto.HistorySync.HistorySyncType.PUSH_NAME:
@@ -109,6 +111,7 @@ export const processHistoryMessage = (item, logger) => {
         contacts,
         messages,
         lidPnMappings,
+        pastParticipants: item.pastParticipants,
         syncType: item.syncType,
         progress: item.progress
     };

package/lib/Utils/identity-change-handler.js

@@ -37,6 +37,7 @@ export async function handleIdentityChange(node, ctx) {
         ctx.logger.debug({ jid: from }, 'skipping session refresh during offline processing');
         return { action: 'skipped_offline' };
     }
+    ctx.onBeforeSessionRefresh?.(from);
     try {
         await ctx.assertSessions([from], true);
         return { action: 'session_refreshed' };

package/lib/Utils/index.js

@@ -11,11 +11,13 @@ export * from './chat-utils.js';
 export * from './lt-hash.js';
 export * from './auth-utils.js';
 export * from './use-multi-file-auth-state.js';
+export * from './use-sqlite-auth-state.js';
 export * from './link-preview.js';
 export * from './event-buffer.js';
 export * from './process-message.js';
 export * from './message-retry-manager.js';
 export * from './browser-utils.js';
+export * from './companion-reg-client-utils.js';
 export * from './identity-change-handler.js';
-export * from './use-sqlite-auth-state.js';
+export * from './stanza-ack.js';
 //# sourceMappingURL=index.js.map

package/lib/Utils/link-preview.js

@@ -19,7 +19,7 @@ export const getUrlInfo = async (text, opts = {
 }) => {
     try {
         // retries
-        const retries = 0;
+        let retries = 0;
         const maxRetry = 5;
         const { getLinkPreview } = await import('link-preview-js');
         let previewLink = text;
@@ -38,7 +38,7 @@ export const getUrlInfo = async (text, opts = {
                 if (forwardedURLObj.hostname === urlObj.hostname ||
                     forwardedURLObj.hostname === 'www.' + urlObj.hostname ||
                     'www.' + forwardedURLObj.hostname === urlObj.hostname) {
-                    retries + 1;
+                    retries += 1;
                     return true;
                 }
                 else {

package/lib/Utils/message-retry-manager.js

@@ -52,6 +52,11 @@ export class MessageRetryManager {
             ttlAutopurge: true,
             updateAgeOnGet: true
         }); // 15 minutes TTL
+        this.baseKeys = new LRUCache({
+            max: 1024,
+            ttl: 15 * 60 * 1000,
+            ttlAutopurge: true
+        });
         this.pendingPhoneRequests = {};
         this.maxMsgRetryCount = 5;
         this.statistics = {
@@ -210,6 +215,41 @@ export class MessageRetryManager {
             this.logger.debug(`Cancelled pending phone request for message ${messageId}`);
         }
     }
+    clear() {
+        this.recentMessagesMap.clear();
+        this.messageKeyIndex.clear();
+        this.sessionRecreateHistory.clear();
+        this.retryCounters.clear();
+        this.baseKeys.clear();
+        for (const messageId of Object.keys(this.pendingPhoneRequests)) {
+            this.cancelPendingPhoneRequest(messageId);
+        }
+        this.statistics = {
+            totalRetries: 0,
+            successfulRetries: 0,
+            failedRetries: 0,
+            mediaRetries: 0,
+            sessionRecreations: 0,
+            phoneRequests: 0
+        };
+    }
+    saveBaseKey(addr, msgId, baseKey) {
+        this.baseKeys.set(`${addr}:${msgId}`, baseKey);
+    }
+    hasSameBaseKey(addr, msgId, baseKey) {
+        const stored = this.baseKeys.get(`${addr}:${msgId}`);
+        if (!stored || stored.length !== baseKey.length) {
+            return false;
+        }
+        for (let i = 0; i < stored.length; i++) {
+            if (stored[i] !== baseKey[i])
+                return false;
+        }
+        return true;
+    }
+    deleteBaseKey(addr, msgId) {
+        this.baseKeys.delete(`${addr}:${msgId}`);
+    }
     keyToString(key) {
         return `${key.to}${MESSAGE_KEY_SEPARATOR}${key.id}`;
     }

package/lib/Utils/messages-media.js

@@ -217,7 +217,7 @@ export async function getAudioWaveform(buffer, logger) {
             const blockStart = blockSize * i; // the location of the first sample in the block
             let sum = 0;
             for (let j = 0; j < blockSize; j++) {
-                sum = sum + Math.abs(rawData[blockStart + j] ?? 0); // find the sum of all the samples in the block
+                sum = sum + Math.abs(rawData[blockStart + j]); // find the sum of all the samples in the block
             }
             filteredData.push(sum / blockSize); // divide the sum by the block size to get the average
         }
@@ -397,15 +397,27 @@ export const encryptedStream = async (media, mediaType, { logger, saveOriginalFi
         throw error;
     }
 };
-const DEF_HOST = 'mmg.whatsapp.net';
+export const DEF_MEDIA_HOST = 'mmg.whatsapp.net';
 const AES_CHUNK_SIZE = 16;
 const toSmallestChunkSize = (num) => {
     return Math.floor(num / AES_CHUNK_SIZE) * AES_CHUNK_SIZE;
 };
-export const getUrlFromDirectPath = (directPath) => `https://${DEF_HOST}${directPath}`;
+export const getUrlFromDirectPath = (directPath, host = DEF_MEDIA_HOST) => `https://${host}${directPath}`;
+const extractHost = (url) => {
+    if (!url)
+        return undefined;
+    try {
+        return new URL(url).host;
+    }
+    catch {
+        return undefined;
+    }
+};
 export const downloadContentFromMessage = async ({ mediaKey, directPath, url }, type, opts = {}) => {
-    const isValidMediaUrl = url?.startsWith('https://mmg.whatsapp.net/');
-    const downloadUrl = isValidMediaUrl ? url : getUrlFromDirectPath(directPath);
+    // Fallback host: explicit opt > host parsed from `url` > DEF_MEDIA_HOST.
+    // Lets us honor a non-default host carried by the proto without forcing callers to thread it through.
+    const fallbackHost = opts.host ?? extractHost(url);
+    const downloadUrl = directPath ? getUrlFromDirectPath(directPath, fallbackHost) : url;
     if (!downloadUrl) {
         throw new Boom('No valid media URL or directPath present in message', { statusCode: 400 });
     }
@@ -465,7 +477,7 @@ export const downloadEncryptedContent = async (downloadUrl, { cipherKey, iv }, {
     };
     const output = new Transform({
         transform(chunk, _, callback) {
-            let data = Buffer.concat([remainingBytes, chunk]);
+            let data = remainingBytes.length ? Buffer.concat([remainingBytes, chunk]) : chunk;
             const decryptLength = toSmallestChunkSize(data.length);
             remainingBytes = data.slice(decryptLength);
             data = data.slice(0, decryptLength);
@@ -584,8 +596,10 @@ const uploadWithFetch = async ({ url, filePath, headers, timeoutMs, agent }) =>
     // Convert Node.js Readable to Web ReadableStream
     const nodeStream = createReadStream(filePath);
     const webStream = Readable.toWeb(nodeStream);
+    // Native fetch only accepts Undici-style dispatchers, not generic https Agents.
+    const dispatcher = typeof agent?.dispatch === 'function' ? agent : undefined;
     const response = await fetch(url, {
-        dispatcher: agent,
+        ...(dispatcher ? { dispatcher } : {}),
         method: 'POST',
         body: webStream,
         headers,

package/lib/Utils/messages.js

@@ -133,7 +133,7 @@ export const prepareWAMessageMedia = async (message, options) => {
     }
     const requiresDurationComputation = mediaType === 'audio' && typeof uploadData.seconds === 'undefined';
     const requiresThumbnailComputation = (mediaType === 'image' || mediaType === 'video') && typeof uploadData['jpegThumbnail'] === 'undefined';
-    const requiresWaveformProcessing = mediaType === 'audio' && uploadData.ptt === true;
+    const requiresWaveformProcessing = mediaType === 'audio' && uploadData.ptt === true && typeof uploadData.waveform === 'undefined';
     const requiresAudioBackground = options.backgroundColor && mediaType === 'audio' && uploadData.ptt === true;
     const requiresOriginalForSomeProcessing = requiresDurationComputation || requiresThumbnailComputation;
     const { mediaKey, encFilePath, originalFilePath, fileEncSha256, fileSha256, fileLength } = await encryptedStream(uploadData.media, options.mediaTypeOverride || mediaType, {
@@ -460,6 +460,12 @@ export const generateWAMessageContent = async (message, options) => {
             }
         }
     }
+    else if (hasNonNullishProperty(message, 'album')) {
+        m.albumMessage = {
+            expectedImageCount: message.album.expectedImageCount,
+            expectedVideoCount: message.album.expectedVideoCount
+        };
+    }
     else if (hasNonNullishProperty(message, 'sharePhoneNumber')) {
         m.protocolMessage = {
             type: proto.Message.ProtocolMessage.Type.SHARE_PHONE_NUMBER
@@ -485,15 +491,23 @@ export const generateWAMessageContent = async (message, options) => {
     if (hasOptionalProperty(message, 'viewOnce') && !!message.viewOnce) {
         m = { viewOnceMessage: { message: m } };
     }
-    if (hasOptionalProperty(message, 'mentions') && message.mentions?.length) {
+    if ((hasOptionalProperty(message, 'mentions') && message.mentions?.length) ||
+        (hasOptionalProperty(message, 'mentionAll') && message.mentionAll)) {
         const messageType = Object.keys(m)[0];
         const key = m[messageType];
-        if ('contextInfo' in key && !!key.contextInfo) {
-            key.contextInfo.mentionedJid = message.mentions;
+        if (key && 'contextInfo' in key) {
+            key.contextInfo = key.contextInfo || {};
+            if (message.mentions?.length) {
+                key.contextInfo.mentionedJid = message.mentions;
+            }
+            if (message.mentionAll) {
+                key.contextInfo.nonJidMentions = 1;
+            }
         }
         else if (key) {
             key.contextInfo = {
-                mentionedJid: message.mentions
+                mentionedJid: message.mentions,
+                nonJidMentions: message.mentionAll ? 1 : 0
             };
         }
     }
@@ -517,6 +531,15 @@ export const generateWAMessageContent = async (message, options) => {
             key.contextInfo = message.contextInfo;
         }
     }
+    if (hasOptionalProperty(message, 'albumParentKey') && !!message.albumParentKey) {
+        m.messageContextInfo = {
+            ...m.messageContextInfo,
+            messageAssociation: {
+                associationType: WAProto.MessageAssociation.AssociationType.MEDIA_ALBUM,
+                parentMessageKey: message.albumParentKey
+            }
+        };
+    }
     if (shouldIncludeReportingToken(m)) {
         m.messageContextInfo = m.messageContextInfo || {};
         if (!m.messageContextInfo.messageSecret) {

package/lib/Utils/offline-node-processor.js

@@ -0,0 +1,40 @@
+/**
+ * Creates a processor for offline stanza nodes that:
+ * - Queues nodes for sequential processing
+ * - Yields to the event loop periodically to avoid blocking
+ * - Catches handler errors to prevent the processing loop from crashing
+ */
+export function makeOfflineNodeProcessor(nodeProcessorMap, deps, batchSize = 10) {
+    const nodes = [];
+    let isProcessing = false;
+    const enqueue = (type, node) => {
+        nodes.push({ type, node });
+        if (isProcessing) {
+            return;
+        }
+        isProcessing = true;
+        const promise = async () => {
+            let processedInBatch = 0;
+            while (nodes.length && deps.isWsOpen()) {
+                const { type, node } = nodes.shift();
+                const nodeProcessor = nodeProcessorMap.get(type);
+                if (!nodeProcessor) {
+                    deps.onUnexpectedError(new Error(`unknown offline node type: ${type}`), 'processing offline node');
+                    continue;
+                }
+                await nodeProcessor(node).catch(err => deps.onUnexpectedError(err, `processing offline ${type}`));
+                processedInBatch++;
+                // Yield to event loop after processing a batch
+                // This prevents blocking the event loop for too long when there are many offline nodes
+                if (processedInBatch >= batchSize) {
+                    processedInBatch = 0;
+                    await deps.yieldToEventLoop();
+                }
+            }
+            isProcessing = false;
+        };
+        promise().catch(error => deps.onUnexpectedError(error, 'processing offline nodes'));
+    };
+    return { enqueue };
+}
+//# sourceMappingURL=offline-node-processor.js.map

package/lib/Utils/process-message.js

@@ -1,3 +1,4 @@
+import { Boom } from '@hapi/boom';
 import { proto } from '../../WAProto/index.js';
 import { WAMessageStubType } from '../Types/index.js';
 import { getContentType, normalizeMessageContent } from '../Utils/messages.js';
@@ -5,6 +6,7 @@ import { areJidsSameUser, isHostedLidUser, isHostedPnUser, isJidBroadcast, isJid
 import { aesDecryptGCM, hmacSign } from './crypto.js';
 import { getKeyAuthor, toNumber } from './generics.js';
 import { downloadAndProcessHistorySyncNotification } from './history.js';
+import { buildMergedTcTokenIndexWrite, resolveTcTokenJid } from './tc-token-utils.js';
 const REAL_MSG_STUB_TYPES = new Set([
     WAMessageStubType.CALL_MISSED_GROUP_VIDEO,
     WAMessageStubType.CALL_MISSED_GROUP_VOICE,
@@ -12,6 +14,53 @@ const REAL_MSG_STUB_TYPES = new Set([
     WAMessageStubType.CALL_MISSED_VOICE
 ]);
 const REAL_MSG_REQ_ME_STUB_TYPES = new Set([WAMessageStubType.GROUP_PARTICIPANT_ADD]);
+async function storeTcTokensFromHistorySync(chats, signalRepository, keyStore, logger) {
+    const getLIDForPN = signalRepository.lidMapping.getLIDForPN.bind(signalRepository.lidMapping);
+    const candidates = [];
+    for (const chat of chats) {
+        const ts = chat.tcTokenTimestamp ? toNumber(chat.tcTokenTimestamp) : 0;
+        if (chat.tcToken?.length && ts > 0) {
+            const jid = jidNormalizedUser(chat.id);
+            const storageJid = await resolveTcTokenJid(jid, getLIDForPN);
+            candidates.push({
+                storageJid,
+                token: Buffer.from(chat.tcToken),
+                ts,
+                senderTs: chat.tcTokenSenderTimestamp ? toNumber(chat.tcTokenSenderTimestamp) : undefined
+            });
+        }
+    }
+    if (!candidates.length) {
+        return;
+    }
+    const jids = candidates.map(c => c.storageJid);
+    const existing = await keyStore.get('tctoken', jids);
+    const entries = {};
+    for (const c of candidates) {
+        const existingEntry = existing[c.storageJid];
+        const existingTs = existingEntry?.timestamp ? Number(existingEntry.timestamp) : 0;
+        if (existingTs > 0 && existingTs >= c.ts) {
+            continue;
+        }
+        entries[c.storageJid] = {
+            ...existingEntry,
+            token: c.token,
+            timestamp: String(c.ts),
+            ...(c.senderTs !== undefined ? { senderTimestamp: c.senderTs } : {})
+        };
+    }
+    if (Object.keys(entries).length) {
+        logger?.debug({ count: Object.keys(entries).length }, 'storing tctokens from history sync');
+        try {
+            // Include updated __index so cross-session pruning picks these JIDs up.
+            const indexWrite = await buildMergedTcTokenIndexWrite(keyStore, Object.keys(entries));
+            await keyStore.set({ tctoken: { ...entries, ...indexWrite } });
+        }
+        catch (err) {
+            logger?.warn({ err }, 'failed to store tctokens from history sync');
+        }
+    }
+}
 /** Cleans a received message to further processing */
 export const cleanMessage = (message, meId, meLid) => {
     // ensure remoteJid and participant doesn't have device or agent in it
@@ -73,7 +122,17 @@ export const shouldIncrementChatUnread = (message) => !message.key.fromMe && !me
  * Typically -- that'll be the remoteJid, but for broadcasts, it'll be the participant
  */
 export const getChatId = ({ remoteJid, participant, fromMe }) => {
+    if (!remoteJid) {
+        throw new Boom('Cannot derive chat id: message key is missing remoteJid', {
+            data: { remoteJid, participant, fromMe }
+        });
+    }
     if (isJidBroadcast(remoteJid) && !isJidStatusBroadcast(remoteJid) && !fromMe) {
+        if (!participant) {
+            throw new Boom('Cannot derive chat id: broadcast message key is missing participant', {
+                data: { remoteJid, fromMe }
+            });
+        }
         return participant;
     }
     return remoteJid;
@@ -146,6 +205,39 @@ const processMessage = async (message, { shouldProcessHistoryMsg, placeholderRes
     }
     const protocolMsg = content?.protocolMessage;
     if (protocolMsg) {
+        // Mirror whatsmeow's `handleProtocolMessage` guard, but applied only to
+        // the protocol message types that originate from our own device — an
+        // attacker could otherwise spoof any of these to manipulate local state.
+        //
+        // Self-only types (drop if `!fromMe`):
+        //   - HISTORY_SYNC_NOTIFICATION                 (our phone driving history sync)
+        //   - APP_STATE_SYNC_KEY_SHARE                  (key share between our devices)
+        //   - LID_MIGRATION_MAPPING_SYNC                (server-initiated via our phone)
+        //   - PEER_DATA_OPERATION_REQUEST_RESPONSE_MESSAGE (response from our phone to our PDO request)
+        //
+        // Cross-user types (must NOT be dropped — legitimately arrive from others):
+        //   - REVOKE
+        //   - MESSAGE_EDIT
+        //   - EPHEMERAL_SETTING
+        //   - GROUP_MEMBER_LABEL_CHANGE
+        //
+        // See https://github.com/tulir/whatsmeow/blob/8d3700152a/message.go#L842-L845
+        // for the reference architecture — whatsmeow's `handleProtocolMessage`
+        // only contains self-only types because edits are unwrapped from
+        // `EditedMessage` BEFORE this dispatch and revokes aren't routed here.
+        const SELF_ONLY_TYPES = new Set([
+            proto.Message.ProtocolMessage.Type.HISTORY_SYNC_NOTIFICATION,
+            proto.Message.ProtocolMessage.Type.APP_STATE_SYNC_KEY_SHARE,
+            proto.Message.ProtocolMessage.Type.LID_MIGRATION_MAPPING_SYNC,
+            proto.Message.ProtocolMessage.Type.PEER_DATA_OPERATION_REQUEST_RESPONSE_MESSAGE
+        ]);
+        if (protocolMsg.type !== null &&
+            protocolMsg.type !== undefined &&
+            SELF_ONLY_TYPES.has(protocolMsg.type) &&
+            !message.key.fromMe) {
+            logger?.warn({ msgId: message.key.id, type: protocolMsg.type, from: message.key.participant || message.key.remoteJid }, 'dropping spoofed self-only protocolMessage from non-self origin');
+            return;
+        }
         switch (protocolMsg.type) {
             case proto.Message.ProtocolMessage.Type.HISTORY_SYNC_NOTIFICATION:
                 const histNotification = protocolMsg.historySyncNotification;
@@ -174,9 +266,11 @@ const processMessage = async (message, { shouldProcessHistoryMsg, placeholderRes
                             .storeLIDPNMappings(data.lidPnMappings)
                             .catch(err => logger?.warn({ err }, 'failed to store LID-PN mappings from history sync'));
                     }
+                    await storeTcTokensFromHistorySync(data.chats, signalRepository, keyStore, logger);
                     ev.emit('messaging-history.set', {
                         ...data,
                         isLatest: histNotification.syncType !== proto.HistorySync.HistorySyncType.ON_DEMAND ? isLatest : undefined,
+                        chunkOrder: histNotification.chunkOrder,
                         peerDataRequestSessionId: histNotification.peerDataRequestSessionId
                     });
                 }
@@ -383,12 +477,19 @@ const processMessage = async (message, { shouldProcessHistoryMsg, placeholderRes
             id: jid,
             author: message.key.participant,
             authorPn: message.key.participantAlt,
+            authorUsername: message.key.participantUsername,
             participants,
             action
         });
         const emitGroupUpdate = (update) => {
             ev.emit('groups.update', [
-                { id: jid, ...update, author: message.key.participant ?? undefined, authorPn: message.key.participantAlt }
+                {
+                    id: jid,
+                    ...update,
+                    author: message.key.participant ?? undefined,
+                    authorPn: message.key.participantAlt,
+                    authorUsername: message.key.participantUsername
+                }
             ]);
         };
         const emitGroupRequestJoin = (participant, action, method) => {
@@ -396,6 +497,7 @@ const processMessage = async (message, { shouldProcessHistoryMsg, placeholderRes
                 id: jid,
                 author: message.key.participant,
                 authorPn: message.key.participantAlt,
+                authorUsername: message.key.participantUsername,
                 participant: participant.lid,
                 participantPn: participant.pn,
                 action,

package/lib/Utils/signal.js

@@ -55,6 +55,48 @@ export const xmppPreKey = (pair, id) => ({
         { tag: 'value', attrs: {}, content: pair.public }
     ]
 });
+const isValidUInt = (n) => typeof n === 'number' && Number.isInteger(n);
+export const extractE2ESessionFromRetryReceipt = (receipt) => {
+    const keysNode = getBinaryNodeChild(receipt, 'keys');
+    if (!keysNode)
+        return null;
+    const typeBuf = getBinaryNodeChildBuffer(keysNode, 'type');
+    if (!typeBuf || typeBuf.length !== 1 || typeBuf[0] !== KEY_BUNDLE_TYPE[0])
+        return null;
+    const identity = getBinaryNodeChildBuffer(keysNode, 'identity');
+    const skey = getBinaryNodeChild(keysNode, 'skey');
+    if (!identity || identity.length !== 32 || !skey)
+        return null;
+    const registrationId = getBinaryNodeChildUInt(receipt, 'registration', 4);
+    if (!isValidUInt(registrationId))
+        return null;
+    const signedPubKey = getBinaryNodeChildBuffer(skey, 'value');
+    const signedSig = getBinaryNodeChildBuffer(skey, 'signature');
+    const signedKeyId = getBinaryNodeChildUInt(skey, 'id', 3);
+    if (!signedPubKey || signedPubKey.length !== 32 || !signedSig || !isValidUInt(signedKeyId)) {
+        return null;
+    }
+    const preKeyNode = getBinaryNodeChild(keysNode, 'key');
+    let preKey;
+    if (preKeyNode) {
+        const preKeyPub = getBinaryNodeChildBuffer(preKeyNode, 'value');
+        const preKeyId = getBinaryNodeChildUInt(preKeyNode, 'id', 3);
+        if (!preKeyPub || preKeyPub.length !== 32 || !isValidUInt(preKeyId)) {
+            return null;
+        }
+        preKey = { keyId: preKeyId, publicKey: generateSignalPubKey(preKeyPub) };
+    }
+    return {
+        registrationId,
+        identityKey: generateSignalPubKey(identity),
+        signedPreKey: {
+            keyId: signedKeyId,
+            publicKey: generateSignalPubKey(signedPubKey),
+            signature: signedSig
+        },
+        preKey
+    };
+};
 export const parseAndInjectE2ESessions = async (node, repository) => {
     const extractKey = (key) => key
         ? {