@ryuu-reinzz/baileys 3.5.1 → 5.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (41) hide show
  1. package/README.md +30 -25
  2. package/WAProto/fix-imports.js +22 -18
  3. package/WAProto/index.js +22 -18
  4. package/lib/Defaults/index.js +10 -9
  5. package/lib/Signal/libsignal.js +46 -19
  6. package/lib/Signal/lid-mapping.js +6 -0
  7. package/lib/Socket/chats.js +241 -39
  8. package/lib/Socket/groups.js +20 -0
  9. package/lib/Socket/messages-recv.js +736 -314
  10. package/lib/Socket/messages-send.js +279 -129
  11. package/lib/Socket/newsletter.js +2 -2
  12. package/lib/Socket/socket.js +56 -25
  13. package/lib/Types/{Newsletter.js → Mex.js} +9 -3
  14. package/lib/Types/State.js +43 -0
  15. package/lib/Types/index.js +1 -1
  16. package/lib/Utils/auth-utils.js +12 -0
  17. package/lib/Utils/chat-utils.js +80 -20
  18. package/lib/Utils/companion-reg-client-utils.js +35 -0
  19. package/lib/Utils/decode-wa-message.js +34 -0
  20. package/lib/Utils/event-buffer.js +49 -1
  21. package/lib/Utils/generics.js +12 -3
  22. package/lib/Utils/history.js +12 -9
  23. package/lib/Utils/identity-change-handler.js +1 -0
  24. package/lib/Utils/index.js +3 -1
  25. package/lib/Utils/link-preview.js +2 -2
  26. package/lib/Utils/message-retry-manager.js +40 -0
  27. package/lib/Utils/messages-media.js +21 -7
  28. package/lib/Utils/messages.js +28 -5
  29. package/lib/Utils/offline-node-processor.js +40 -0
  30. package/lib/Utils/process-message.js +103 -1
  31. package/lib/Utils/signal.js +42 -0
  32. package/lib/Utils/stanza-ack.js +38 -0
  33. package/lib/Utils/sync-action-utils.js +1 -0
  34. package/lib/Utils/tc-token-utils.js +149 -4
  35. package/lib/Utils/validate-connection.js +3 -0
  36. package/lib/WAUSync/Protocols/USyncContactProtocol.js +26 -3
  37. package/lib/WAUSync/Protocols/USyncUsernameProtocol.js +25 -0
  38. package/lib/WAUSync/Protocols/index.js +1 -0
  39. package/lib/WAUSync/USyncQuery.js +6 -2
  40. package/lib/WAUSync/USyncUser.js +8 -0
  41. package/package.json +39 -12
package/lib/Socket/messages-recv.js CHANGED
@@ -4,16 +4,24 @@ import { randomBytes } from 'crypto';
4
4
  import Long from 'long';
5
5
  import { proto } from '../../WAProto/index.js';
6
6
  import { DEFAULT_CACHE_TTLS, KEY_BUNDLE_TYPE, MIN_PREKEY_COUNT, PLACEHOLDER_MAX_AGE_SECONDS, STATUS_EXPIRY_SECONDS } from '../Defaults/index.js';
7
- import { WAMessageStatus, WAMessageStubType } from '../Types/index.js';
8
- import { aesDecryptCTR, aesEncryptGCM, cleanMessage, Curve, decodeMediaRetryNode, decodeMessageNode, decryptMessageNode, delay, derivePairingCodeKey, encodeBigEndian, encodeSignedDeviceIdentity, extractAddressingContext, getCallStatusFromNode, getHistoryMsg, getNextPreKeys, getStatusFromReceiptType, handleIdentityChange, hkdf, MISSING_KEYS_ERROR_TEXT, NACK_REASONS, NO_MESSAGE_FOUND_ERROR_TEXT, toNumber, unixTimestampSeconds, xmppPreKey, xmppSignedPreKey } from '../Utils/index.js';
7
+ import { ReachoutTimelockEnforcementType, WAMessageStatus, WAMessageStubType } from '../Types/index.js';
8
+ import { ACCOUNT_RESTRICTED_TEXT, aesDecryptCTR, aesEncryptGCM, cleanMessage, Curve, decodeMediaRetryNode, decodeMessageNode, decryptMessageNode, delay, derivePairingCodeKey, encodeBigEndian, encodeSignedDeviceIdentity, extractAddressingContext, extractE2ESessionFromRetryReceipt, getCallStatusFromNode, getHistoryMsg, getNextPreKeys, getStatusFromReceiptType, handleIdentityChange, hkdf, MISSING_KEYS_ERROR_TEXT, NACK_REASONS, NO_MESSAGE_FOUND_ERROR_TEXT, SERVER_ERROR_CODES, toNumber, unixTimestampSeconds, xmppPreKey, xmppSignedPreKey } from '../Utils/index.js';
9
9
  import { makeMutex } from '../Utils/make-mutex.js';
10
- import { areJidsSameUser, binaryNodeToString, getAllBinaryNodeChildren, getBinaryNodeChild, getBinaryNodeChildBuffer, getBinaryNodeChildren, getBinaryNodeChildString, isJidGroup, isJidNewsletter, isJidStatusBroadcast, isLidUser, isPnUser, jidDecode, jidNormalizedUser, S_WHATSAPP_NET } from '../WABinary/index.js';
10
+ import { makeOfflineNodeProcessor } from '../Utils/offline-node-processor.js';
11
+ import { buildAckStanza } from '../Utils/stanza-ack.js';
12
+ import { buildMergedTcTokenIndexWrite, isTcTokenExpired, readTcTokenIndex, resolveIssuanceJid, resolveTcTokenJid, storeTcTokensFromIqResult, TC_TOKEN_INDEX_KEY } from '../Utils/tc-token-utils.js';
13
+ import { areJidsSameUser, binaryNodeToString, getAllBinaryNodeChildren, getBinaryNodeChild, getBinaryNodeChildBuffer, getBinaryNodeChildren, getBinaryNodeChildString, getBinaryNodeChildUInt, isJidGroup, isJidNewsletter, isJidStatusBroadcast, isLidUser, isPnUser, jidDecode, jidNormalizedUser, S_WHATSAPP_NET } from '../WABinary/index.js';
11
14
  import { extractGroupMetadata } from './groups.js';
12
15
  import { makeMessagesSocket } from './messages-send.js';
16
+ const ENFORCEMENT_TYPE_VALUES = new Set(Object.values(ReachoutTimelockEnforcementType));
17
+ function isValidEnforcementType(value) {
18
+ return typeof value === 'string' && ENFORCEMENT_TYPE_VALUES.has(value);
19
+ }
13
20
  export const makeMessagesRecvSocket = (config) => {
14
21
  const { logger, retryRequestDelayMs, maxMsgRetryCount, getMessage, shouldIgnoreJid, enableAutoSessionRecreation } = config;
15
22
  const sock = makeMessagesSocket(config);
16
- const { ev, authState, ws, messageMutex, notificationMutex, receiptMutex, signalRepository, query, upsertMessage, resyncAppState, onUnexpectedError, assertSessions, sendNode, relayMessage, sendReceipt, uploadPreKeys, sendPeerDataOperationMessage, messageRetryManager } = sock;
23
+ const { userDevicesCache, devicesMutex, ev, authState, ws, messageMutex, notificationMutex, receiptMutex, signalRepository, query, upsertMessage, resyncAppState, onUnexpectedError, assertSessions, sendNode, relayMessage, sendReceipt, uploadPreKeys, sendPeerDataOperationMessage, messageRetryManager, registerSocketEndHandler, issuePrivacyTokens, fetchAccountReachoutTimelock, placeholderResendCache } = sock;
24
+ const getLIDForPN = signalRepository.lidMapping.getLIDForPN.bind(signalRepository.lidMapping);
17
25
  /** this mutex ensures that each retryRequest will wait for the previous one to finish */
18
26
  const retryMutex = makeMutex();
19
27
  const msgRetryCache = config.msgRetryCounterCache ||
@@ -26,11 +34,6 @@ export const makeMessagesRecvSocket = (config) => {
26
34
  stdTTL: DEFAULT_CACHE_TTLS.CALL_OFFER, // 5 mins
27
35
  useClones: false
28
36
  });
29
- const placeholderResendCache = config.placeholderResendCache ||
30
- new NodeCache({
31
- stdTTL: DEFAULT_CACHE_TTLS.MSG_RETRY, // 1 hour
32
- useClones: false
33
- });
34
37
  // Debounce identity-change session refreshes per JID to avoid bursts
35
38
  const identityAssertDebounce = new NodeCache({ stdTTL: 5, useClones: false });
36
39
  let sendActiveReceipts = false;
@@ -84,25 +87,140 @@ export const makeMessagesRecvSocket = (config) => {
84
87
  }, 8000);
85
88
  return sendPeerDataOperationMessage(pdoMessage);
86
89
  };
87
- // Handles mex newsletter notifications
88
- const handleMexNewsletterNotification = async (node) => {
90
+ const handleMexNotification = async (node) => {
91
+ const updateNode = getBinaryNodeChild(node, 'update');
92
+ if (updateNode) {
93
+ const opName = updateNode.attrs?.op_name;
94
+ if (!opName) {
95
+ logger.warn({ node: binaryNodeToString(node) }, 'mex notification missing op_name, fallback to legacy');
96
+ await handleLegacyMexNewsletterNotification(node);
97
+ return;
98
+ }
99
+ let mexResponse;
100
+ try {
101
+ mexResponse = JSON.parse(updateNode.content.toString());
102
+ }
103
+ catch (error) {
104
+ logger.error({ err: error, opName }, 'failed to parse mex notification JSON');
105
+ return;
106
+ }
107
+ if (mexResponse.errors?.length) {
108
+ logger.warn({ errors: mexResponse.errors, opName }, 'mex notification has GQL errors');
109
+ return;
110
+ }
111
+ const data = mexResponse.data;
112
+ if (!data) {
113
+ logger.warn({ opName }, 'mex notification has null data');
114
+ return;
115
+ }
116
+ logger.debug({ opName }, 'processing mex notification');
117
+ switch (opName) {
118
+ case 'NotificationUserReachoutTimelockUpdate':
119
+ handleReachoutTimelockNotification(data);
120
+ break;
121
+ case 'MessageCappingInfoNotification':
122
+ handleMessageCappingNotification(data);
123
+ break;
124
+ // newsletter ops still use the legacy <mex> child structure
125
+ case 'NotificationNewsletterUpdate':
126
+ case 'NotificationLinkedProfilesUpdates':
127
+ case 'NotificationNewsletterAdminPromote':
128
+ case 'NotificationNewsletterAdminDemote':
129
+ case 'NotificationNewsletterUserSettingChange':
130
+ case 'NotificationNewsletterJoin':
131
+ case 'NotificationNewsletterLeave':
132
+ case 'NotificationNewsletterStateChange':
133
+ case 'NotificationNewsletterAdminMetadataUpdate':
134
+ case 'NotificationNewsletterOwnerUpdate':
135
+ case 'NotificationNewsletterAdminInviteRevoke':
136
+ case 'NotificationNewsletterWamoSubStatusChange':
137
+ case 'NotificationNewsletterBlockUser':
138
+ case 'NotificationNewsletterPaidPartnership':
139
+ case 'NotificationNewsletterMilestone':
140
+ case 'NewsletterResponseStateUpdate':
141
+ await handleLegacyMexNewsletterNotification(node);
142
+ break;
143
+ default:
144
+ logger.debug({ opName }, 'unhandled mex notification');
145
+ break;
146
+ }
147
+ return;
148
+ }
149
+ await handleLegacyMexNewsletterNotification(node);
150
+ };
151
+ const handleReachoutTimelockNotification = (data) => {
152
+ const payload = data.xwa2_notify_account_reachout_timelock;
153
+ if (!payload) {
154
+ logger.warn('reachout timelock notification missing payload');
155
+ return;
156
+ }
157
+ if (!payload.is_active) {
158
+ logger.info('reachout timelock restriction lifted');
159
+ ev.emit('connection.update', {
160
+ reachoutTimeLock: {
161
+ isActive: false,
162
+ enforcementType: ReachoutTimelockEnforcementType.DEFAULT
163
+ }
164
+ });
165
+ return;
166
+ }
167
+ // WA Web defaults to now+60s when the server omits the expiry
168
+ const timeEnforcementEnds = payload.time_enforcement_ends
169
+ ? new Date(parseInt(payload.time_enforcement_ends, 10) * 1000)
170
+ : new Date(Date.now() + 60000);
171
+ const enforcementType = isValidEnforcementType(payload.enforcement_type)
172
+ ? payload.enforcement_type
173
+ : ReachoutTimelockEnforcementType.DEFAULT;
174
+ logger.info({ enforcementType, timeEnforcementEnds }, 'reachout timelock restriction set');
175
+ ev.emit('connection.update', {
176
+ reachoutTimeLock: {
177
+ isActive: true,
178
+ timeEnforcementEnds,
179
+ enforcementType
180
+ }
181
+ });
182
+ };
183
+ const handleMessageCappingNotification = (data) => {
184
+ const payload = data.xwa2_notify_new_chat_messages_capping_info_update;
185
+ if (!payload) {
186
+ logger.warn('message capping notification missing payload');
187
+ return;
188
+ }
189
+ logger.info({ payload }, 'received message capping update');
190
+ ev.emit('message-capping.update', payload);
191
+ };
192
+ const handleLegacyMexNewsletterNotification = async (node) => {
89
193
  const mexNode = getBinaryNodeChild(node, 'mex');
90
- if (!mexNode?.content) {
91
- logger.warn({ node }, 'Invalid mex newsletter notification');
194
+ const updateNode = mexNode?.content ? null : getBinaryNodeChild(node, 'update') || getAllBinaryNodeChildren(node)[0];
195
+ const payloadNode = mexNode?.content ? mexNode : updateNode;
196
+ if (!payloadNode?.content) {
197
+ logger.warn({ node: binaryNodeToString(node) }, 'invalid mex newsletter notification');
92
198
  return;
93
199
  }
94
200
  let data;
95
201
  try {
96
- data = JSON.parse(mexNode.content.toString());
202
+ const payloadContent = payloadNode.content;
203
+ if (Array.isArray(payloadContent)) {
204
+ logger.warn({ payloadNode }, 'invalid mex newsletter notification payload format');
205
+ return;
206
+ }
207
+ const contentBuf = typeof payloadContent === 'string' ? Buffer.from(payloadContent, 'binary') : Buffer.from(payloadContent);
208
+ data = JSON.parse(contentBuf.toString());
97
209
  }
98
210
  catch (error) {
99
- logger.error({ err: error, node }, 'Failed to parse mex newsletter notification');
211
+ logger.error({ err: error, node: binaryNodeToString(node) }, 'failed to parse mex newsletter notification');
100
212
  return;
101
213
  }
102
- const operation = data?.operation;
103
- const updates = data?.updates;
214
+ const operation = data?.operation ?? payloadNode?.attrs?.op_name;
215
+ let updates = data?.updates;
216
+ if (!updates) {
217
+ const linkedProfiles = data?.data?.xwa2_notify_linked_profiles;
218
+ if (linkedProfiles) {
219
+ updates = [linkedProfiles];
220
+ }
221
+ }
104
222
  if (!updates || !operation) {
105
- logger.warn({ data }, 'Invalid mex newsletter notification content');
223
+ logger.warn({ data }, 'invalid mex newsletter notification content');
106
224
  return;
107
225
  }
108
226
  logger.info({ operation, updates }, 'got mex newsletter notification');
@@ -130,119 +248,119 @@ export const makeMessagesRecvSocket = (config) => {
130
248
  }
131
249
  }
132
250
  break;
251
+ case 'NotificationLinkedProfilesUpdates':
252
+ for (const update of updates) {
253
+ const lid = update?.jid;
254
+ const addedProfiles = Array.isArray(update?.added_profiles) ? update.added_profiles : [];
255
+ const mappings = [];
256
+ for (const profile of addedProfiles) {
257
+ const pn = typeof profile === 'string' ? profile : (profile?.pn ?? profile?.jid ?? null);
258
+ if (lid && pn) {
259
+ const mapping = { lid, pn };
260
+ ev.emit('lid-mapping.update', mapping);
261
+ mappings.push(mapping);
262
+ }
263
+ }
264
+ await signalRepository.lidMapping.storeLIDPNMappings(mappings);
265
+ }
266
+ break;
133
267
  default:
134
- logger.info({ operation, data }, 'Unhandled mex newsletter notification');
268
+ logger.info({ operation, data }, 'unhandled mex newsletter notification');
135
269
  break;
136
270
  }
137
271
  };
138
272
  // Handles newsletter notifications
139
273
  const handleNewsletterNotification = async (node) => {
140
274
  const from = node.attrs.from;
141
- const child = getAllBinaryNodeChildren(node)[0];
275
+ const children = getAllBinaryNodeChildren(node);
142
276
  const author = node.attrs.participant;
143
- logger.info({ from, child }, 'got newsletter notification');
144
- switch (child.tag) {
145
- case 'reaction':
146
- const reactionUpdate = {
147
- id: from,
148
- server_id: child.attrs.message_id,
149
- reaction: {
150
- code: getBinaryNodeChildString(child, 'reaction'),
151
- count: 1
152
- }
153
- };
154
- ev.emit('newsletter.reaction', reactionUpdate);
155
- break;
156
- case 'view':
157
- const viewUpdate = {
158
- id: from,
159
- server_id: child.attrs.message_id,
160
- count: parseInt(child.content?.toString() || '0', 10)
161
- };
162
- ev.emit('newsletter.view', viewUpdate);
163
- break;
164
- case 'participant':
165
- const participantUpdate = {
166
- id: from,
167
- author,
168
- user: child.attrs.jid,
169
- action: child.attrs.action,
170
- new_role: child.attrs.role
171
- };
172
- ev.emit('newsletter-participants.update', participantUpdate);
173
- break;
174
- case 'update':
175
- const settingsNode = getBinaryNodeChild(child, 'settings');
176
- if (settingsNode) {
177
- const update = {};
178
- const nameNode = getBinaryNodeChild(settingsNode, 'name');
179
- if (nameNode?.content)
180
- update.name = nameNode.content.toString();
181
- const descriptionNode = getBinaryNodeChild(settingsNode, 'description');
182
- if (descriptionNode?.content)
183
- update.description = descriptionNode.content.toString();
184
- ev.emit('newsletter-settings.update', {
277
+ for (const child of children) {
278
+ logger.debug({ from, child }, 'got newsletter notification');
279
+ switch (child.tag) {
280
+ case 'reaction': {
281
+ const reactionUpdate = {
185
282
  id: from,
186
- update
187
- });
283
+ server_id: child.attrs.message_id,
284
+ reaction: {
285
+ code: getBinaryNodeChildString(child, 'reaction'),
286
+ count: 1
287
+ }
288
+ };
289
+ ev.emit('newsletter.reaction', reactionUpdate);
290
+ break;
188
291
  }
189
- break;
190
- case 'message':
191
- const plaintextNode = getBinaryNodeChild(child, 'plaintext');
192
- if (plaintextNode?.content) {
193
- try {
194
- const contentBuf = typeof plaintextNode.content === 'string'
195
- ? Buffer.from(plaintextNode.content, 'binary')
196
- : Buffer.from(plaintextNode.content);
197
- const messageProto = proto.Message.decode(contentBuf).toJSON();
198
- const fullMessage = proto.WebMessageInfo.fromObject({
199
- key: {
200
- remoteJid: from,
201
- id: child.attrs.message_id || child.attrs.server_id,
202
- fromMe: false // TODO: is this really true though
203
- },
204
- message: messageProto,
205
- messageTimestamp: +child.attrs.t
206
- }).toJSON();
207
- await upsertMessage(fullMessage, 'append');
208
- logger.info('Processed plaintext newsletter message');
292
+ case 'view': {
293
+ const viewUpdate = {
294
+ id: from,
295
+ server_id: child.attrs.message_id,
296
+ count: parseInt(child.content?.toString() || '0', 10)
297
+ };
298
+ ev.emit('newsletter.view', viewUpdate);
299
+ break;
300
+ }
301
+ case 'participant': {
302
+ const participantUpdate = {
303
+ id: from,
304
+ author,
305
+ user: child.attrs.jid,
306
+ action: child.attrs.action,
307
+ new_role: child.attrs.role
308
+ };
309
+ ev.emit('newsletter-participants.update', participantUpdate);
310
+ break;
311
+ }
312
+ case 'update': {
313
+ const settingsNode = getBinaryNodeChild(child, 'settings');
314
+ if (settingsNode) {
315
+ const update = {};
316
+ const nameNode = getBinaryNodeChild(settingsNode, 'name');
317
+ if (nameNode?.content)
318
+ update.name = nameNode.content.toString();
319
+ const descriptionNode = getBinaryNodeChild(settingsNode, 'description');
320
+ if (descriptionNode?.content)
321
+ update.description = descriptionNode.content.toString();
322
+ ev.emit('newsletter-settings.update', {
323
+ id: from,
324
+ update
325
+ });
209
326
  }
210
- catch (error) {
211
- logger.error({ error }, 'Failed to decode plaintext newsletter message');
327
+ break;
328
+ }
329
+ case 'message': {
330
+ const plaintextNode = getBinaryNodeChild(child, 'plaintext');
331
+ if (plaintextNode?.content) {
332
+ try {
333
+ const contentBuf = typeof plaintextNode.content === 'string'
334
+ ? Buffer.from(plaintextNode.content, 'binary')
335
+ : Buffer.from(plaintextNode.content);
336
+ const messageProto = proto.Message.decode(contentBuf).toJSON();
337
+ const fullMessage = proto.WebMessageInfo.fromObject({
338
+ key: {
339
+ remoteJid: from,
340
+ id: child.attrs.message_id || child.attrs.server_id,
341
+ fromMe: false // TODO: is this really true though
342
+ },
343
+ message: messageProto,
344
+ messageTimestamp: +child.attrs.t
345
+ }).toJSON();
346
+ await upsertMessage(fullMessage, 'append');
347
+ logger.debug('Processed plaintext newsletter message');
348
+ }
349
+ catch (error) {
350
+ logger.error({ error }, 'Failed to decode plaintext newsletter message');
351
+ }
212
352
  }
353
+ break;
213
354
  }
214
- break;
215
- default:
216
- logger.warn({ node }, 'Unknown newsletter notification');
217
- break;
218
- }
219
- };
220
- const sendMessageAck = async ({ tag, attrs, content }, errorCode) => {
221
- const stanza = {
222
- tag: 'ack',
223
- attrs: {
224
- id: attrs.id,
225
- to: attrs.from,
226
- class: tag
355
+ default:
356
+ logger.warn({ node, child }, 'Unknown newsletter notification child');
357
+ break;
227
358
  }
228
- };
229
- if (!!errorCode) {
230
- stanza.attrs.error = errorCode.toString();
231
- }
232
- if (!!attrs.participant) {
233
- stanza.attrs.participant = attrs.participant;
234
- }
235
- if (!!attrs.recipient) {
236
- stanza.attrs.recipient = attrs.recipient;
237
- }
238
- if (!!attrs.type &&
239
- (tag !== 'message' || getBinaryNodeChild({ tag, attrs, content }, 'unavailable') || errorCode !== 0)) {
240
- stanza.attrs.type = attrs.type;
241
359
  }
242
- if (tag === 'message' && getBinaryNodeChild({ tag, attrs, content }, 'unavailable')) {
243
- stanza.attrs.from = authState.creds.me.id;
244
- }
245
- logger.debug({ recv: { tag, attrs }, sent: stanza.attrs }, 'sent ack');
360
+ };
361
+ const sendMessageAck = async (node, errorCode) => {
362
+ const stanza = buildAckStanza(node, errorCode, authState.creds.me.id);
363
+ logger.debug({ recv: { tag: node.tag, attrs: node.attrs }, sent: stanza.attrs }, 'sent ack');
246
364
  await sendNode(stanza);
247
365
  };
248
366
  const rejectCall = async (callId, callFrom) => {
@@ -397,15 +515,58 @@ export const makeMessagesRecvSocket = (config) => {
397
515
  logger.info({ msgAttrs: node.attrs, retryCount }, 'sent retry receipt');
398
516
  }, authState?.creds?.me?.id || 'sendRetryRequest');
399
517
  };
518
+ // Mirrors WAWeb/Handle/PreKeyLow.js: skip a re-issued notification with the same stanza id.
519
+ const inFlightPreKeyLow = new Set();
520
+ /**
521
+ * Fire-and-forget tctoken re-issuance after a peer's device identity changed.
522
+ * Mirrors WAWebSendTcTokenWhenDeviceIdentityChange — runs in parallel with
523
+ * the session refresh (not after it).
524
+ */
525
+ const reissueTcTokenAfterIdentityChange = (from) => {
526
+ void (async () => {
527
+ const normalizedJid = jidNormalizedUser(from);
528
+ const tcJid = await resolveTcTokenJid(normalizedJid, getLIDForPN);
529
+ const tcTokenData = await authState.keys.get('tctoken', [tcJid]);
530
+ const senderTs = tcTokenData?.[tcJid]?.senderTimestamp;
531
+ if (senderTs === null || senderTs === undefined || isTcTokenExpired(senderTs)) {
532
+ return;
533
+ }
534
+ logger.debug({ jid: normalizedJid, senderTimestamp: senderTs }, 'identity changed, re-issuing tctoken');
535
+ const getPNForLID = signalRepository.lidMapping.getPNForLID.bind(signalRepository.lidMapping);
536
+ const issueJid = await resolveIssuanceJid(normalizedJid, sock.serverProps.lidTrustedTokenIssueToLid, getLIDForPN, getPNForLID);
537
+ const result = await issuePrivacyTokens([issueJid], senderTs);
538
+ await storeTcTokensFromIqResult({
539
+ result,
540
+ fallbackJid: tcJid,
541
+ keys: authState.keys,
542
+ getLIDForPN,
543
+ onNewJidStored: trackTcTokenJid
544
+ });
545
+ })().catch(err => {
546
+ logger.debug({ jid: from, err: err?.message }, 'failed to re-issue tctoken after identity change');
547
+ });
548
+ };
400
549
  const handleEncryptNotification = async (node) => {
401
550
  const from = node.attrs.from;
402
551
  if (from === S_WHATSAPP_NET) {
552
+ const stanzaId = node.attrs.id;
553
+ if (stanzaId && inFlightPreKeyLow.has(stanzaId)) {
554
+ return;
555
+ }
403
556
  const countChild = getBinaryNodeChild(node, 'count');
404
557
  const count = +countChild.attrs.value;
405
558
  const shouldUploadMorePreKeys = count < MIN_PREKEY_COUNT;
406
559
  logger.debug({ count, shouldUploadMorePreKeys }, 'recv pre-key count');
407
560
  if (shouldUploadMorePreKeys) {
408
- await uploadPreKeys();
561
+ if (stanzaId)
562
+ inFlightPreKeyLow.add(stanzaId);
563
+ try {
564
+ await uploadPreKeys();
565
+ }
566
+ finally {
567
+ if (stanzaId)
568
+ inFlightPreKeyLow.delete(stanzaId);
569
+ }
409
570
  }
410
571
  }
411
572
  else {
@@ -415,7 +576,8 @@ export const makeMessagesRecvSocket = (config) => {
415
576
  validateSession: signalRepository.validateSession,
416
577
  assertSessions,
417
578
  debounceCache: identityAssertDebounce,
418
- logger
579
+ logger,
580
+ onBeforeSessionRefresh: reissueTcTokenAfterIdentityChange
419
581
  });
420
582
  if (result.action === 'no_identity_node') {
421
583
  logger.info({ node }, 'unknown encrypt notification');
@@ -426,6 +588,7 @@ export const makeMessagesRecvSocket = (config) => {
426
588
  // TODO: Support PN/LID (Here is only LID now)
427
589
  const actingParticipantLid = fullNode.attrs.participant;
428
590
  const actingParticipantPn = fullNode.attrs.participant_pn;
591
+ const actingParticipantUsername = fullNode.attrs.participant_username;
429
592
  const affectedParticipantLid = getBinaryNodeChild(child, 'participant')?.attrs?.jid || actingParticipantLid;
430
593
  const affectedParticipantPn = getBinaryNodeChild(child, 'participant')?.attrs?.phone_number || actingParticipantPn;
431
594
  switch (child?.tag) {
@@ -445,7 +608,8 @@ export const makeMessagesRecvSocket = (config) => {
445
608
  {
446
609
  ...metadata,
447
610
  author: actingParticipantLid,
448
- authorPn: actingParticipantPn
611
+ authorPn: actingParticipantPn,
612
+ authorUsername: actingParticipantUsername
449
613
  }
450
614
  ]);
451
615
  break;
@@ -476,6 +640,7 @@ export const makeMessagesRecvSocket = (config) => {
476
640
  id: attrs.jid,
477
641
  phoneNumber: isLidUser(attrs.jid) && isPnUser(attrs.phone_number) ? attrs.phone_number : undefined,
478
642
  lid: isPnUser(attrs.jid) && isLidUser(attrs.lid) ? attrs.lid : undefined,
643
+ username: attrs.participant_username || attrs.username || undefined,
479
644
  admin: (attrs.type || null)
480
645
  };
481
646
  });
@@ -545,6 +710,89 @@ export const makeMessagesRecvSocket = (config) => {
545
710
  break;
546
711
  }
547
712
  };
713
+ const handleDevicesNotification = async (node) => {
714
+ const [child] = getAllBinaryNodeChildren(node);
715
+ const from = jidNormalizedUser(node.attrs.from);
716
+ if (!child) {
717
+ logger.debug({ from }, 'devices notification missing child, skipping');
718
+ return;
719
+ }
720
+ const tag = child.tag;
721
+ const deviceHash = child.attrs.device_hash;
722
+ const devices = getBinaryNodeChildren(child, 'device');
723
+ if (areJidsSameUser(from, authState.creds.me.id) || areJidsSameUser(from, authState.creds.me.lid)) {
724
+ const deviceJids = devices.map(d => d.attrs.jid);
725
+ logger.info({ deviceJids }, 'got my own devices');
726
+ }
727
+ if (!devices.length) {
728
+ logger.debug({ from, tag }, 'no devices in notification, skipping');
729
+ return;
730
+ }
731
+ const decoded = [];
732
+ for (const d of devices) {
733
+ const jid = d.attrs.jid;
734
+ if (!jid)
735
+ continue;
736
+ const parts = jidDecode(jid);
737
+ if (!parts) {
738
+ logger.debug({ jid }, 'failed to decode device jid, skipping');
739
+ continue;
740
+ }
741
+ decoded.push({ jid, user: parts.user, server: parts.server, device: parts.device });
742
+ }
743
+ if (!decoded.length)
744
+ return;
745
+ await devicesMutex.mutex(async () => {
746
+ const byUser = new Map();
747
+ for (const d of decoded) {
748
+ const list = byUser.get(d.user) || [];
749
+ list.push(d);
750
+ byUser.set(d.user, list);
751
+ }
752
+ for (const [user, entries] of byUser) {
753
+ if (tag === 'update') {
754
+ logger.debug({ user }, `${user}'s device list updated, dropping cached devices`);
755
+ await userDevicesCache?.del(user);
756
+ continue;
757
+ }
758
+ if (tag === 'remove') {
759
+ await signalRepository.deleteSession(entries.map(e => e.jid));
760
+ }
761
+ const existingCache = (await userDevicesCache?.get(user)) || [];
762
+ if (!existingCache.length) {
763
+ // No baseline yet; skip applying the delta so getUSyncDevices can
764
+ // later fetch the full device list. Caching just the notification
765
+ // entries would make a partial list look authoritative.
766
+ logger.debug({ user, tag }, 'device list not cached, deferring to USync refresh');
767
+ continue;
768
+ }
769
+ const affected = new Set(entries.map(e => e.device));
770
+ let updatedDevices;
771
+ switch (tag) {
772
+ case 'add':
773
+ logger.info({ deviceHash, count: entries.length }, 'devices added');
774
+ updatedDevices = [
775
+ ...existingCache.filter(d => !affected.has(d.device)),
776
+ ...entries.map(e => ({ user: e.user, server: e.server, device: e.device }))
777
+ ];
778
+ break;
779
+ case 'remove':
780
+ logger.info({ deviceHash, count: entries.length }, 'devices removed');
781
+ updatedDevices = existingCache.filter(d => !affected.has(d.device));
782
+ break;
783
+ default:
784
+ logger.debug({ tag }, 'Unknown device list change tag');
785
+ continue;
786
+ }
787
+ if (updatedDevices.length === 0) {
788
+ await userDevicesCache?.del(user);
789
+ }
790
+ else {
791
+ await userDevicesCache?.set(user, updatedDevices);
792
+ }
793
+ }
794
+ });
795
+ };
548
796
  const processNotification = async (node) => {
549
797
  const result = {};
550
798
  const [child] = getAllBinaryNodeChildren(node);
@@ -555,7 +803,7 @@ export const makeMessagesRecvSocket = (config) => {
555
803
  await handleNewsletterNotification(node);
556
804
  break;
557
805
  case 'mex':
558
- await handleMexNewsletterNotification(node);
806
+ await handleMexNotification(node);
559
807
  break;
560
808
  case 'w:gp2':
561
809
  // TODO: HANDLE PARTICIPANT_PN
@@ -569,13 +817,12 @@ export const makeMessagesRecvSocket = (config) => {
569
817
  await handleEncryptNotification(node);
570
818
  break;
571
819
  case 'devices':
572
- const devices = getBinaryNodeChildren(child, 'device');
573
- if (areJidsSameUser(child.attrs.jid, authState.creds.me.id) ||
574
- areJidsSameUser(child.attrs.lid, authState.creds.me.lid)) {
575
- const deviceData = devices.map(d => ({ id: d.attrs.jid, lid: d.attrs.lid }));
576
- logger.info({ deviceData }, 'my own devices changed');
820
+ try {
821
+ await handleDevicesNotification(node);
822
+ }
823
+ catch (error) {
824
+ logger.error({ error, node }, 'failed to handle devices notification');
577
825
  }
578
- //TODO: drop a new event, add hashes
579
826
  break;
580
827
  case 'server_sync':
581
828
  const update = getBinaryNodeChild(node, 'collection');
@@ -701,27 +948,70 @@ export const makeMessagesRecvSocket = (config) => {
701
948
  return result;
702
949
  }
703
950
  };
951
+ /**
952
+ * In-memory cache of storage JIDs with stored tctokens, seeded from the persisted index.
953
+ * Used to coalesce writes during a session; pruning always re-reads the persisted index
954
+ * to cover writes made by other layers (e.g. history sync).
955
+ */
956
+ const tcTokenKnownJids = new Set();
957
+ const tcTokenIndexLoaded = (async () => {
958
+ try {
959
+ const jids = await readTcTokenIndex(authState.keys);
960
+ for (const jid of jids)
961
+ tcTokenKnownJids.add(jid);
962
+ logger.debug({ count: tcTokenKnownJids.size }, 'loaded tctoken index');
963
+ }
964
+ catch (err) {
965
+ logger.warn({ err: err?.message }, 'failed to load tctoken index');
966
+ }
967
+ })();
968
+ let tcTokenIndexTimer;
969
+ async function flushTcTokenIndex() {
970
+ if (tcTokenIndexTimer) {
971
+ clearTimeout(tcTokenIndexTimer);
972
+ tcTokenIndexTimer = undefined;
973
+ }
974
+ // Merge with whatever is already persisted so we don't clobber writes from other
975
+ // paths (history sync, concurrent sessions on the same store).
976
+ const write = await buildMergedTcTokenIndexWrite(authState.keys, tcTokenKnownJids);
977
+ return authState.keys.set({ tctoken: write });
978
+ }
979
+ function scheduleTcTokenIndexSave() {
980
+ if (tcTokenIndexTimer) {
981
+ clearTimeout(tcTokenIndexTimer);
982
+ }
983
+ tcTokenIndexTimer = setTimeout(() => {
984
+ tcTokenIndexTimer = undefined;
985
+ flushTcTokenIndex().catch(err => {
986
+ logger.warn({ err: err?.message }, 'failed to save tctoken index');
987
+ });
988
+ }, 5000);
989
+ }
990
+ function trackTcTokenJid(jid) {
991
+ if (jid && jid !== TC_TOKEN_INDEX_KEY && !tcTokenKnownJids.has(jid)) {
992
+ tcTokenKnownJids.add(jid);
993
+ scheduleTcTokenIndexSave();
994
+ }
995
+ }
704
996
  const handlePrivacyTokenNotification = async (node) => {
705
997
  const tokensNode = getBinaryNodeChild(node, 'tokens');
706
- const from = jidNormalizedUser(node.attrs.from);
707
998
  if (!tokensNode)
708
999
  return;
709
- const tokenNodes = getBinaryNodeChildren(tokensNode, 'token');
710
- for (const tokenNode of tokenNodes) {
711
- const { attrs, content } = tokenNode;
712
- const type = attrs.type;
713
- const timestamp = attrs.t;
714
- if (type === 'trusted_contact' && content instanceof Buffer) {
715
- logger.debug({
716
- from,
717
- timestamp,
718
- tcToken: content
719
- }, 'received trusted contact token');
720
- await authState.keys.set({
721
- tctoken: { [from]: { token: content, timestamp } }
722
- });
723
- }
724
- }
1000
+ const from = jidNormalizedUser(node.attrs.from);
1001
+ // WA Web uses: senderLid ?? toLid(from) for the storage key
1002
+ // The sender_lid attribute provides the LID directly when available
1003
+ const senderLid = node.attrs.sender_lid && isLidUser(jidNormalizedUser(node.attrs.sender_lid))
1004
+ ? jidNormalizedUser(node.attrs.sender_lid)
1005
+ : undefined;
1006
+ const fallbackJid = senderLid ?? (await resolveTcTokenJid(from, getLIDForPN));
1007
+ logger.debug({ from, storageJid: fallbackJid }, 'processing privacy token notification');
1008
+ await storeTcTokensFromIqResult({
1009
+ result: node,
1010
+ fallbackJid,
1011
+ keys: authState.keys,
1012
+ getLIDForPN,
1013
+ onNewJidStored: trackTcTokenJid
1014
+ });
725
1015
  };
726
1016
  async function decipherLinkPublicKey(data) {
727
1017
  const buffer = toRequiredBuffer(data);
@@ -747,10 +1037,11 @@ export const makeMessagesRecvSocket = (config) => {
747
1037
  const newValue = ((await msgRetryCache.get(key)) || 0) + 1;
748
1038
  await msgRetryCache.set(key, newValue);
749
1039
  };
750
- const sendMessagesAgain = async (key, ids, retryNode) => {
1040
+ const sendMessagesAgain = async (key, ids, retryNode, receiptNode) => {
751
1041
  const remoteJid = key.remoteJid;
752
1042
  const participant = key.participant || remoteJid;
753
1043
  const retryCount = +retryNode.attrs.count || 1;
1044
+ const msgId = ids[0];
754
1045
  // Try to get messages from cache first, then fallback to getMessage
755
1046
  const msgs = [];
756
1047
  for (const id of ids) {
@@ -782,12 +1073,49 @@ export const makeMessagesRecvSocket = (config) => {
782
1073
  // just re-send the message to everyone
783
1074
  // prevents the first message decryption failure
784
1075
  const sendToAll = !jidDecode(participant)?.device;
785
- // Check if we should recreate session for this retry
1076
+ const sessionId = signalRepository.jidToSignalProtocolAddress(participant);
1077
+ let injectedFromBundle = false;
1078
+ const bundle = extractE2ESessionFromRetryReceipt(receiptNode);
1079
+ if (bundle) {
1080
+ try {
1081
+ await signalRepository.injectE2ESession({ jid: participant, session: bundle });
1082
+ injectedFromBundle = true;
1083
+ logger.debug({ participant, retryCount }, 'injected session from retry receipt key bundle');
1084
+ }
1085
+ catch (error) {
1086
+ logger.warn({ error, participant }, 'failed to inject session from retry receipt');
1087
+ }
1088
+ }
1089
+ if (!injectedFromBundle) {
1090
+ const receivedRegId = getBinaryNodeChildUInt(receiptNode, 'registration', 4);
1091
+ if (typeof receivedRegId === 'number' && Number.isInteger(receivedRegId)) {
1092
+ const info = await signalRepository.getSessionInfo(participant);
1093
+ if (info && info.registrationId !== 0 && info.registrationId !== receivedRegId) {
1094
+ logger.info({ participant, stored: info.registrationId, received: receivedRegId }, 'reg id mismatch on retry without bundle, deleting session');
1095
+ await authState.keys.set({ session: { [sessionId]: null } });
1096
+ }
1097
+ }
1098
+ }
1099
+ const BASE_KEY_CHECK_RETRY = 2;
1100
+ if (msgId && messageRetryManager) {
1101
+ const info = await signalRepository.getSessionInfo(participant);
1102
+ if (info) {
1103
+ if (retryCount === BASE_KEY_CHECK_RETRY) {
1104
+ messageRetryManager.saveBaseKey(sessionId, msgId, info.baseKey);
1105
+ }
1106
+ else if (retryCount > BASE_KEY_CHECK_RETRY) {
1107
+ if (messageRetryManager.hasSameBaseKey(sessionId, msgId, info.baseKey)) {
1108
+ logger.warn({ participant, retryCount }, 'base key collision on retry, forcing fresh session');
1109
+ await authState.keys.set({ session: { [sessionId]: null } });
1110
+ }
1111
+ messageRetryManager.deleteBaseKey(sessionId, msgId);
1112
+ }
1113
+ }
1114
+ }
786
1115
  let shouldRecreateSession = false;
787
1116
  let recreateReason = '';
788
- if (enableAutoSessionRecreation && messageRetryManager && retryCount > 1) {
1117
+ if (enableAutoSessionRecreation && messageRetryManager && retryCount > 1 && !injectedFromBundle) {
789
1118
  try {
790
- const sessionId = signalRepository.jidToSignalProtocolAddress(participant);
791
1119
  const hasSession = await signalRepository.validateSession(participant);
792
1120
  const result = messageRetryManager.shouldRecreateSession(participant, hasSession.exists);
793
1121
  shouldRecreateSession = result.recreate;
@@ -801,11 +1129,13 @@ export const makeMessagesRecvSocket = (config) => {
801
1129
  logger.warn({ error, participant }, 'failed to check session recreation for outgoing retry');
802
1130
  }
803
1131
  }
804
- await assertSessions([participant], true);
1132
+ if (!injectedFromBundle) {
1133
+ await assertSessions([participant], true);
1134
+ }
805
1135
  if (isJidGroup(remoteJid)) {
806
1136
  await authState.keys.set({ 'sender-key-memory': { [remoteJid]: null } });
807
1137
  }
808
- logger.debug({ participant, sendToAll, shouldRecreateSession, recreateReason }, 'forced new session for retry recp');
1138
+ logger.debug({ participant, sendToAll, shouldRecreateSession, recreateReason, injectedFromBundle }, 'prepared session for retry resend');
809
1139
  for (const [i, msg] of msgs.entries()) {
810
1140
  if (!ids[i])
811
1141
  continue;
@@ -840,11 +1170,6 @@ export const makeMessagesRecvSocket = (config) => {
840
1170
  fromMe,
841
1171
  participant: attrs.participant
842
1172
  };
843
- if (shouldIgnoreJid(remoteJid) && remoteJid !== S_WHATSAPP_NET) {
844
- logger.debug({ remoteJid }, 'ignoring receipt from jid');
845
- await sendMessageAck(node);
846
- return;
847
- }
848
1173
  const ids = [attrs.id];
849
1174
  if (Array.isArray(content)) {
850
1175
  const items = getBinaryNodeChildren(content[0], 'item');
@@ -886,7 +1211,7 @@ export const makeMessagesRecvSocket = (config) => {
886
1211
  try {
887
1212
  await updateSendMessageAgainCount(ids[0], key.participant);
888
1213
  logger.debug({ attrs, key }, 'recv retry request');
889
- await sendMessagesAgain(key, ids, retryNode);
1214
+ await sendMessagesAgain(key, ids, retryNode, node);
890
1215
  }
891
1216
  catch (error) {
892
1217
  logger.error({ key, ids, trace: error instanceof Error ? error.stack : 'Unknown error' }, 'error in sending message again');
@@ -904,16 +1229,11 @@ export const makeMessagesRecvSocket = (config) => {
904
1229
  ]);
905
1230
  }
906
1231
  finally {
907
- await sendMessageAck(node);
1232
+ await sendMessageAck(node).catch(ackErr => logger.error({ ackErr }, 'failed to ack receipt'));
908
1233
  }
909
1234
  };
910
1235
  const handleNotification = async (node) => {
911
1236
  const remoteJid = node.attrs.from;
912
- if (shouldIgnoreJid(remoteJid) && remoteJid !== S_WHATSAPP_NET) {
913
- logger.debug({ remoteJid, id: node.attrs.id }, 'ignored notification');
914
- await sendMessageAck(node);
915
- return;
916
- }
917
1237
  try {
918
1238
  await Promise.all([
919
1239
  notificationMutex.mutex(async () => {
@@ -926,6 +1246,7 @@ export const makeMessagesRecvSocket = (config) => {
926
1246
  fromMe,
927
1247
  participant: node.attrs.participant,
928
1248
  participantAlt,
1249
+ participantUsername: node.attrs.participant_username,
929
1250
  addressingMode,
930
1251
  id: node.attrs.id,
931
1252
  ...(msg.key || {})
@@ -939,15 +1260,10 @@ export const makeMessagesRecvSocket = (config) => {
939
1260
  ]);
940
1261
  }
941
1262
  finally {
942
- await sendMessageAck(node);
1263
+ await sendMessageAck(node).catch(ackErr => logger.error({ ackErr }, 'failed to ack notification'));
943
1264
  }
944
1265
  };
945
1266
  const handleMessage = async (node) => {
946
- if (shouldIgnoreJid(node.attrs.from) && node.attrs.from !== S_WHATSAPP_NET) {
947
- logger.debug({ key: node.attrs.key }, 'ignored message');
948
- await sendMessageAck(node, NACK_REASONS.UnhandledError);
949
- return;
950
- }
951
1267
  const encNode = getBinaryNodeChild(node, 'enc');
952
1268
  // TODO: temporary fix for crashes and issues resulting of failed msmsg decryption
953
1269
  if (encNode?.attrs.type === 'msmsg') {
@@ -955,36 +1271,34 @@ export const makeMessagesRecvSocket = (config) => {
955
1271
  await sendMessageAck(node, NACK_REASONS.MissingMessageSecret);
956
1272
  return;
957
1273
  }
958
- const { fullMessage: msg, category, author, decrypt } = decryptMessageNode(node, authState.creds.me.id, authState.creds.me.lid || '', signalRepository, logger);
959
- const alt = msg.key.participantAlt || msg.key.remoteJidAlt;
960
- // store new mappings we didn't have before
961
- if (!!alt) {
962
- const altServer = jidDecode(alt)?.server;
963
- const primaryJid = msg.key.participant || msg.key.remoteJid;
964
- if (altServer === 'lid') {
965
- if (!(await signalRepository.lidMapping.getPNForLID(alt))) {
966
- await signalRepository.lidMapping.storeLIDPNMappings([{ lid: alt, pn: primaryJid }]);
967
- await signalRepository.migrateSession(primaryJid, alt);
1274
+ let acked = false;
1275
+ try {
1276
+ const { fullMessage: msg, category, author, decrypt } = decryptMessageNode(node, authState.creds.me.id, authState.creds.me.lid || '', signalRepository, logger);
1277
+ const alt = msg.key.participantAlt || msg.key.remoteJidAlt;
1278
+ // store new mappings we didn't have before
1279
+ if (!!alt) {
1280
+ const altServer = jidDecode(alt)?.server;
1281
+ const primaryJid = msg.key.participant || msg.key.remoteJid;
1282
+ if (altServer === 'lid') {
1283
+ if (!(await signalRepository.lidMapping.getPNForLID(alt))) {
1284
+ await signalRepository.lidMapping.storeLIDPNMappings([{ lid: alt, pn: primaryJid }]);
1285
+ await signalRepository.migrateSession(primaryJid, alt);
1286
+ }
1287
+ }
1288
+ else {
1289
+ await signalRepository.lidMapping.storeLIDPNMappings([{ lid: primaryJid, pn: alt }]);
1290
+ await signalRepository.migrateSession(alt, primaryJid);
968
1291
  }
969
1292
  }
970
- else {
971
- await signalRepository.lidMapping.storeLIDPNMappings([{ lid: primaryJid, pn: alt }]);
972
- await signalRepository.migrateSession(alt, primaryJid);
973
- }
974
- }
975
- if (msg.key?.remoteJid && msg.key?.id && messageRetryManager) {
976
- messageRetryManager.addRecentMessage(msg.key.remoteJid, msg.key.id, msg.message);
977
- logger.debug({
978
- jid: msg.key.remoteJid,
979
- id: msg.key.id
980
- }, 'Added message to recent cache for retry receipts');
981
- }
982
- try {
983
1293
  await messageMutex.mutex(async () => {
984
1294
  await decrypt();
1295
+ if (msg.key?.remoteJid && msg.key?.id && msg.message && messageRetryManager) {
1296
+ messageRetryManager.addRecentMessage(msg.key.remoteJid, msg.key.id, msg.message);
1297
+ }
985
1298
  // message failed to decrypt
986
1299
  if (msg.messageStubType === proto.WebMessageInfo.StubType.CIPHERTEXT && msg.category !== 'peer') {
987
1300
  if (msg?.messageStubParameters?.[0] === MISSING_KEYS_ERROR_TEXT) {
1301
+ acked = true;
988
1302
  return sendMessageAck(node, NACK_REASONS.ParsingError);
989
1303
  }
990
1304
  if (msg.messageStubParameters?.[0] === NO_MESSAGE_FOUND_ERROR_TEXT) {
@@ -996,11 +1310,13 @@ export const makeMessagesRecvSocket = (config) => {
996
1310
  unavailableType === 'hosted_unavailable_fanout' ||
997
1311
  unavailableType === 'view_once_unavailable_fanout') {
998
1312
  logger.debug({ msgId: msg.key.id, unavailableType }, 'skipping placeholder resend for excluded unavailable type');
1313
+ acked = true;
999
1314
  return sendMessageAck(node);
1000
1315
  }
1001
1316
  const messageAge = unixTimestampSeconds() - toNumber(msg.messageTimestamp);
1002
1317
  if (messageAge > PLACEHOLDER_MAX_AGE_SECONDS) {
1003
1318
  logger.debug({ msgId: msg.key.id, messageAge }, 'skipping placeholder resend for old message');
1319
+ acked = true;
1004
1320
  return sendMessageAck(node);
1005
1321
  }
1006
1322
  // Request the real content from the phone via placeholder resend PDO.
@@ -1037,6 +1353,7 @@ export const makeMessagesRecvSocket = (config) => {
1037
1353
  .catch(err => {
1038
1354
  logger.warn({ err, msgId: msg.key.id }, 'failed to request placeholder resend for unavailable message');
1039
1355
  });
1356
+ acked = true;
1040
1357
  await sendMessageAck(node);
1041
1358
  // Don't return — fall through to upsertMessage so the stub is emitted
1042
1359
  }
@@ -1046,32 +1363,18 @@ export const makeMessagesRecvSocket = (config) => {
1046
1363
  const messageAge = unixTimestampSeconds() - toNumber(msg.messageTimestamp);
1047
1364
  if (messageAge > STATUS_EXPIRY_SECONDS) {
1048
1365
  logger.debug({ msgId: msg.key.id, messageAge, remoteJid: msg.key.remoteJid }, 'skipping retry for expired status message');
1366
+ acked = true;
1049
1367
  return sendMessageAck(node);
1050
1368
  }
1051
1369
  }
1052
- const errorMessage = msg?.messageStubParameters?.[0] || '';
1053
- const isPreKeyError = errorMessage.includes('PreKey');
1054
- logger.debug(`[handleMessage] Attempting retry request for failed decryption`);
1055
- // Handle both pre-key and normal retries in single mutex
1370
+ logger.debug('[handleMessage] Attempting retry request for failed decryption');
1371
+ // WAWeb only retry-receipts here; server emits PreKeyLow if prekeys run low.
1056
1372
  await retryMutex.mutex(async () => {
1057
1373
  try {
1058
1374
  if (!ws.isOpen) {
1059
1375
  logger.debug({ node }, 'Connection closed, skipping retry');
1060
1376
  return;
1061
1377
  }
1062
- // Handle pre-key errors with upload and delay
1063
- if (isPreKeyError) {
1064
- logger.info({ error: errorMessage }, 'PreKey error detected, uploading and retrying');
1065
- try {
1066
- logger.debug('Uploading pre-keys for error recovery');
1067
- await uploadPreKeys(5);
1068
- logger.debug('Waiting for server to process new pre-keys');
1069
- await delay(1000);
1070
- }
1071
- catch (uploadErr) {
1072
- logger.error({ uploadErr }, 'Pre-key upload failed, proceeding with retry anyway');
1073
- }
1074
- }
1075
1378
  const encNode = getBinaryNodeChild(node, 'enc');
1076
1379
  await sendRetryRequest(node, !encNode);
1077
1380
  if (retryRequestDelayMs) {
@@ -1079,16 +1382,9 @@ export const makeMessagesRecvSocket = (config) => {
1079
1382
  }
1080
1383
  }
1081
1384
  catch (err) {
1082
- logger.error({ err, isPreKeyError }, 'Failed to handle retry, attempting basic retry');
1083
- // Still attempt retry even if pre-key upload failed
1084
- try {
1085
- const encNode = getBinaryNodeChild(node, 'enc');
1086
- await sendRetryRequest(node, !encNode);
1087
- }
1088
- catch (retryErr) {
1089
- logger.error({ retryErr }, 'Failed to send retry after error handling');
1090
- }
1385
+ logger.error({ err }, 'Failed to send retry');
1091
1386
  }
1387
+ acked = true;
1092
1388
  await sendMessageAck(node, NACK_REASONS.UnhandledError);
1093
1389
  });
1094
1390
  }
@@ -1117,6 +1413,7 @@ export const makeMessagesRecvSocket = (config) => {
1117
1413
  else if (!sendActiveReceipts) {
1118
1414
  type = 'inactive';
1119
1415
  }
1416
+ acked = true;
1120
1417
  await sendReceipt(msg.key.remoteJid, participant, [msg.key.id], type);
1121
1418
  // send ack for history message
1122
1419
  const isAnyHistoryMsg = getHistoryMsg(msg.message);
@@ -1126,6 +1423,7 @@ export const makeMessagesRecvSocket = (config) => {
1126
1423
  }
1127
1424
  }
1128
1425
  else {
1426
+ acked = true;
1129
1427
  await sendMessageAck(node);
1130
1428
  logger.debug({ key: msg.key }, 'processed newsletter message without receipts');
1131
1429
  }
@@ -1136,45 +1434,62 @@ export const makeMessagesRecvSocket = (config) => {
1136
1434
  }
1137
1435
  catch (error) {
1138
1436
  logger.error({ error, node: binaryNodeToString(node) }, 'error in handling message');
1437
+ if (!acked) {
1438
+ await sendMessageAck(node, NACK_REASONS.UnhandledError).catch(ackErr => logger.error({ ackErr }, 'failed to ack message after error'));
1439
+ }
1139
1440
  }
1140
1441
  };
1141
1442
  const handleCall = async (node) => {
1142
- const { attrs } = node;
1143
- const [infoChild] = getAllBinaryNodeChildren(node);
1144
- const status = getCallStatusFromNode(infoChild);
1145
- if (!infoChild) {
1146
- throw new Boom('Missing call info in call node');
1147
- }
1148
- const callId = infoChild.attrs['call-id'];
1149
- const from = infoChild.attrs.from || infoChild.attrs['call-creator'];
1150
- const call = {
1151
- chatId: attrs.from,
1152
- from,
1153
- callerPn: infoChild.attrs['caller_pn'],
1154
- id: callId,
1155
- date: new Date(+attrs.t * 1000),
1156
- offline: !!attrs.offline,
1157
- status
1158
- };
1159
- if (status === 'offer') {
1160
- call.isVideo = !!getBinaryNodeChild(infoChild, 'video');
1161
- call.isGroup = infoChild.attrs.type === 'group' || !!infoChild.attrs['group-jid'];
1162
- call.groupJid = infoChild.attrs['group-jid'];
1163
- await callOfferCache.set(call.id, call);
1164
- }
1165
- const existingCall = await callOfferCache.get(call.id);
1166
- // use existing call info to populate this event
1167
- if (existingCall) {
1168
- call.isVideo = existingCall.isVideo;
1169
- call.isGroup = existingCall.isGroup;
1170
- call.callerPn = call.callerPn || existingCall.callerPn;
1171
- }
1172
- // delete data once call has ended
1173
- if (status === 'reject' || status === 'accept' || status === 'timeout' || status === 'terminate') {
1174
- await callOfferCache.del(call.id);
1175
- }
1176
- ev.emit('call', [call]);
1177
- await sendMessageAck(node);
1443
+ try {
1444
+ const { attrs } = node;
1445
+ const [infoChild] = getAllBinaryNodeChildren(node);
1446
+ if (!infoChild) {
1447
+ throw new Boom('Missing call info in call node');
1448
+ }
1449
+ const status = getCallStatusFromNode(infoChild);
1450
+ const callId = infoChild.attrs['call-id'];
1451
+ const from = infoChild.attrs.from || infoChild.attrs['call-creator'];
1452
+ const call = {
1453
+ chatId: attrs.from,
1454
+ from,
1455
+ callerPn: infoChild.attrs['caller_pn'],
1456
+ id: callId,
1457
+ date: new Date(+attrs.t * 1000),
1458
+ offline: !!attrs.offline,
1459
+ status
1460
+ };
1461
+ if (status === 'relaylatency') {
1462
+ const latencyValue = infoChild.attrs.latency || infoChild.attrs['latency_ms'] || infoChild.attrs['latency-ms'];
1463
+ const latencyMs = latencyValue ? Number(latencyValue) : undefined;
1464
+ if (Number.isFinite(latencyMs)) {
1465
+ call.latencyMs = latencyMs;
1466
+ }
1467
+ }
1468
+ if (status === 'offer') {
1469
+ call.isVideo = !!getBinaryNodeChild(infoChild, 'video');
1470
+ call.isGroup = infoChild.attrs.type === 'group' || !!infoChild.attrs['group-jid'];
1471
+ call.groupJid = infoChild.attrs['group-jid'];
1472
+ await callOfferCache.set(call.id, call);
1473
+ }
1474
+ const existingCall = await callOfferCache.get(call.id);
1475
+ // use existing call info to populate this event
1476
+ if (existingCall) {
1477
+ call.isVideo = existingCall.isVideo;
1478
+ call.isGroup = existingCall.isGroup;
1479
+ call.callerPn = call.callerPn || existingCall.callerPn;
1480
+ }
1481
+ // delete data once call has ended
1482
+ if (status === 'reject' || status === 'accept' || status === 'timeout' || status === 'terminate') {
1483
+ await callOfferCache.del(call.id);
1484
+ }
1485
+ ev.emit('call', [call]);
1486
+ }
1487
+ catch (error) {
1488
+ logger.error({ error, node: binaryNodeToString(node) }, 'error in handling call');
1489
+ }
1490
+ finally {
1491
+ await sendMessageAck(node).catch(ackErr => logger.error({ ackErr }, 'failed to ack call'));
1492
+ }
1178
1493
  };
1179
1494
  const handleBadAck = async ({ attrs }) => {
1180
1495
  const key = { remoteJid: attrs.from, fromMe: true, id: attrs.id };
@@ -1194,29 +1509,61 @@ export const makeMessagesRecvSocket = (config) => {
1194
1509
  // error in acknowledgement,
1195
1510
  // device could not display the message
1196
1511
  if (attrs.error) {
1197
- logger.warn({ attrs }, 'received error in ack');
1512
+ const isReachoutTimelocked = attrs.error === String(NACK_REASONS.SenderReachoutTimelocked);
1513
+ if (attrs.error === SERVER_ERROR_CODES.MessageAccountRestriction) {
1514
+ // 463 = 1:1 message missing privacy token (tctoken). Usually means the
1515
+ // account is restricted: WhatsApp blocks starting new chats but preserves
1516
+ // existing ones, since established chats already carry a tctoken.
1517
+ // WA Web prevents this client-side (disables the compose bar).
1518
+ // No retry — retrying counts as another "reach out" and worsens the restriction.
1519
+ logger.warn({ msgId: attrs.id, from: attrs.from }, 'error 463: account restricted or missing tctoken for contact');
1520
+ const ackFrom = attrs.from;
1521
+ if (ackFrom && !inFlight463Recoveries.has(ackFrom)) {
1522
+ inFlight463Recoveries.add(ackFrom);
1523
+ void (async () => {
1524
+ try {
1525
+ const getPNForLID = signalRepository.lidMapping.getPNForLID.bind(signalRepository.lidMapping);
1526
+ const tcStorageJid = await resolveTcTokenJid(ackFrom, getLIDForPN);
1527
+ const issueJid = await resolveIssuanceJid(ackFrom, sock.serverProps.lidTrustedTokenIssueToLid, getLIDForPN, getPNForLID);
1528
+ const result = await issuePrivacyTokens([issueJid], unixTimestampSeconds());
1529
+ await storeTcTokensFromIqResult({
1530
+ result,
1531
+ fallbackJid: tcStorageJid,
1532
+ keys: authState.keys,
1533
+ getLIDForPN,
1534
+ onNewJidStored: trackTcTokenJid
1535
+ });
1536
+ logger.debug({ from: ackFrom }, 'completed 463 token recovery issuance');
1537
+ }
1538
+ catch (err) {
1539
+ logger.debug({ from: ackFrom, err: err?.message }, 'failed 463 token recovery issuance');
1540
+ }
1541
+ finally {
1542
+ inFlight463Recoveries.delete(ackFrom);
1543
+ }
1544
+ })();
1545
+ }
1546
+ }
1547
+ else if (attrs.error === SERVER_ERROR_CODES.SmaxInvalid) {
1548
+ logger.warn({ msgId: attrs.id, from: attrs.from }, 'smax-invalid (479): stanza rejected by server — likely stale device session or malformed addressing');
1549
+ }
1550
+ else if (isReachoutTimelocked) {
1551
+ // user is temporarily restricted, fetch current restriction details
1552
+ await fetchAccountReachoutTimelock().catch(err => logger.warn({ err }, 'failed to fetch reachout timelock'));
1553
+ logger.warn({ attrs }, 'received error in ack');
1554
+ }
1555
+ else {
1556
+ logger.warn({ attrs }, 'received error in ack');
1557
+ }
1198
1558
  ev.emit('messages.update', [
1199
1559
  {
1200
1560
  key,
1201
1561
  update: {
1202
1562
  status: WAMessageStatus.ERROR,
1203
- messageStubParameters: [attrs.error]
1563
+ messageStubParameters: isReachoutTimelocked ? [attrs.error, ACCOUNT_RESTRICTED_TEXT] : [attrs.error]
1204
1564
  }
1205
1565
  }
1206
1566
  ]);
1207
- // resend the message with device_fanout=false, use at your own risk
1208
- // if (attrs.error === '475') {
1209
- // const msg = await getMessage(key)
1210
- // if (msg) {
1211
- // await relayMessage(key.remoteJid!, msg, {
1212
- // messageId: key.id!,
1213
- // useUserDevicesCache: false,
1214
- // additionalAttributes: {
1215
- // device_fanout: 'false'
1216
- // }
1217
- // })
1218
- // }
1219
- // }
1220
1567
  }
1221
1568
  };
1222
1569
  /// processes a node with the given function
@@ -1229,53 +1576,30 @@ export const makeMessagesRecvSocket = (config) => {
1229
1576
  return exec(node, false).catch(err => onUnexpectedError(err, identifier));
1230
1577
  }
1231
1578
  };
1232
- /** Yields control to the event loop to prevent blocking */
1233
- const yieldToEventLoop = () => {
1234
- return new Promise(resolve => setImmediate(resolve));
1235
- };
1236
- const makeOfflineNodeProcessor = () => {
1237
- const nodeProcessorMap = new Map([
1238
- ['message', handleMessage],
1239
- ['call', handleCall],
1240
- ['receipt', handleReceipt],
1241
- ['notification', handleNotification]
1242
- ]);
1243
- const nodes = [];
1244
- let isProcessing = false;
1245
- // Number of nodes to process before yielding to event loop
1246
- const BATCH_SIZE = 10;
1247
- const enqueue = (type, node) => {
1248
- nodes.push({ type, node });
1249
- if (isProcessing) {
1250
- return;
1251
- }
1252
- isProcessing = true;
1253
- const promise = async () => {
1254
- let processedInBatch = 0;
1255
- while (nodes.length && ws.isOpen) {
1256
- const { type, node } = nodes.shift();
1257
- const nodeProcessor = nodeProcessorMap.get(type);
1258
- if (!nodeProcessor) {
1259
- onUnexpectedError(new Error(`unknown offline node type: ${type}`), 'processing offline node');
1260
- continue;
1261
- }
1262
- await nodeProcessor(node);
1263
- processedInBatch++;
1264
- // Yield to event loop after processing a batch
1265
- // This prevents blocking the event loop for too long when there are many offline nodes
1266
- if (processedInBatch >= BATCH_SIZE) {
1267
- processedInBatch = 0;
1268
- await yieldToEventLoop();
1269
- }
1270
- }
1271
- isProcessing = false;
1272
- };
1273
- promise().catch(error => onUnexpectedError(error, 'processing offline nodes'));
1274
- };
1275
- return { enqueue };
1276
- };
1277
- const offlineNodeProcessor = makeOfflineNodeProcessor();
1579
+ const offlineNodeProcessor = makeOfflineNodeProcessor(new Map([
1580
+ ['message', handleMessage],
1581
+ ['call', handleCall],
1582
+ ['receipt', handleReceipt],
1583
+ ['notification', handleNotification]
1584
+ ]), {
1585
+ isWsOpen: () => ws.isOpen,
1586
+ onUnexpectedError,
1587
+ yieldToEventLoop: () => new Promise(resolve => setImmediate(resolve))
1588
+ });
1278
1589
  const processNode = async (type, node, identifier, exec) => {
1590
+ // Fast path: ack and drop ignored JIDs before entering the buffer/queue
1591
+ const from = node.attrs.from;
1592
+ let ignoreJid = from;
1593
+ if (type === 'receipt' && from) {
1594
+ const attrs = node.attrs;
1595
+ const isLid = attrs.from.includes('lid');
1596
+ const isNodeFromMe = areJidsSameUser(attrs.participant || attrs.from, isLid ? authState.creds.me?.lid : authState.creds.me?.id);
1597
+ ignoreJid = !isNodeFromMe || isJidGroup(attrs.from) ? attrs.from : attrs.recipient;
1598
+ }
1599
+ if (ignoreJid && ignoreJid !== S_WHATSAPP_NET && shouldIgnoreJid(ignoreJid)) {
1600
+ await sendMessageAck(node, type === 'message' ? NACK_REASONS.UnhandledError : undefined);
1601
+ return;
1602
+ }
1279
1603
  const isOffline = !!node.attrs.offline;
1280
1604
  if (isOffline) {
1281
1605
  offlineNodeProcessor.enqueue(type, node);
@@ -1331,12 +1655,110 @@ export const makeMessagesRecvSocket = (config) => {
1331
1655
  await upsertMessage(protoMsg, call.offline ? 'append' : 'notify');
1332
1656
  }
1333
1657
  });
1334
- ev.on('connection.update', ({ isOnline }) => {
1658
+ /** timestamp of last tctoken prune run — throttles to once per 24h */
1659
+ let lastTcTokenPruneTs = 0;
1660
+ /** dedupe in-flight 463 recovery token issuance by target JID */
1661
+ const inFlight463Recoveries = new Set();
1662
+ ev.on('connection.update', ({ isOnline, connection }) => {
1335
1663
  if (typeof isOnline !== 'undefined') {
1336
1664
  sendActiveReceipts = isOnline;
1337
1665
  logger.trace(`sendActiveReceipts set to "${sendActiveReceipts}"`);
1338
1666
  }
1667
+ // Flush pending tctoken index save on disconnect to avoid writing after close
1668
+ if (connection === 'close' && tcTokenIndexTimer) {
1669
+ clearTimeout(tcTokenIndexTimer);
1670
+ tcTokenIndexTimer = undefined;
1671
+ // Best-effort flush — may fail if store is already closed
1672
+ try {
1673
+ void Promise.resolve(flushTcTokenIndex()).catch(() => { });
1674
+ }
1675
+ catch {
1676
+ /* ignore sync errors */
1677
+ }
1678
+ }
1679
+ // Prune expired tctokens when coming online, at most once per 24 hours
1680
+ // Matches WA Web's CLEAN_TC_TOKENS task
1681
+ // Note: don't gate on tcTokenKnownJids.size — the index may still be loading
1682
+ if (isOnline) {
1683
+ const now = Date.now();
1684
+ const DAY_MS = 24 * 60 * 60 * 1000;
1685
+ if (now - lastTcTokenPruneTs >= DAY_MS) {
1686
+ lastTcTokenPruneTs = now;
1687
+ void pruneExpiredTcTokens();
1688
+ }
1689
+ }
1339
1690
  });
1691
+ registerSocketEndHandler(() => {
1692
+ if (!config.msgRetryCounterCache && msgRetryCache.close) {
1693
+ msgRetryCache.close();
1694
+ }
1695
+ if (!config.callOfferCache && callOfferCache.close) {
1696
+ callOfferCache.close();
1697
+ }
1698
+ identityAssertDebounce.close();
1699
+ sendActiveReceipts = false;
1700
+ });
1701
+ async function pruneExpiredTcTokens() {
1702
+ try {
1703
+ await tcTokenIndexLoaded;
1704
+ // Union with the persisted index picks up JIDs added by other layers
1705
+ // (history sync) without needing inter-module wiring.
1706
+ const persisted = await readTcTokenIndex(authState.keys);
1707
+ const allJids = new Set(tcTokenKnownJids);
1708
+ for (const jid of persisted)
1709
+ allJids.add(jid);
1710
+ if (!allJids.size)
1711
+ return;
1712
+ const jids = [...allJids];
1713
+ const allTokens = await authState.keys.get('tctoken', jids);
1714
+ const writes = {};
1715
+ const survivors = new Set();
1716
+ let mutated = 0;
1717
+ for (const jid of jids) {
1718
+ const entry = allTokens[jid];
1719
+ if (!entry) {
1720
+ // Tracked but nothing in store — drop from index.
1721
+ mutated++;
1722
+ continue;
1723
+ }
1724
+ const hasPeerToken = !!entry.token?.length;
1725
+ const peerTokenExpired = hasPeerToken && isTcTokenExpired(entry.timestamp);
1726
+ const hasSenderTs = entry.senderTimestamp !== undefined;
1727
+ const senderTsExpired = hasSenderTs && isTcTokenExpired(entry.senderTimestamp);
1728
+ const keepPeerToken = hasPeerToken && !peerTokenExpired;
1729
+ const keepSenderTs = hasSenderTs && !senderTsExpired;
1730
+ if (!keepPeerToken && !keepSenderTs) {
1731
+ writes[jid] = null;
1732
+ mutated++;
1733
+ }
1734
+ else if (peerTokenExpired && keepSenderTs) {
1735
+ writes[jid] = { token: Buffer.alloc(0), senderTimestamp: entry.senderTimestamp };
1736
+ survivors.add(jid);
1737
+ mutated++;
1738
+ }
1739
+ else {
1740
+ survivors.add(jid);
1741
+ }
1742
+ }
1743
+ if (mutated === 0)
1744
+ return;
1745
+ await authState.keys.set({
1746
+ tctoken: {
1747
+ ...writes,
1748
+ [TC_TOKEN_INDEX_KEY]: {
1749
+ token: Buffer.from(JSON.stringify([...survivors]))
1750
+ }
1751
+ }
1752
+ });
1753
+ tcTokenKnownJids.clear();
1754
+ for (const jid of survivors)
1755
+ tcTokenKnownJids.add(jid);
1756
+ logger.debug({ mutated, remaining: survivors.size }, 'pruned expired tctokens');
1757
+ }
1758
+ catch (err) {
1759
+ logger.warn({ err: err?.message }, 'failed to prune expired tctokens');
1760
+ }
1761
+ }
1340
1762
  return {
1341
1763
  ...sock,
1342
1764
  sendMessageAck,