@sixcore/baileys 1.0.0

package/lib/Utils/messages-media.js

@@ -0,0 +1,643 @@
+"use strict";
+
+// ─────────────────────────────────────────────────────────────────────────────
+// Lena-Baileys — Módulo de Mídia
+// ─────────────────────────────────────────────────────────────────────────────
+
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+        desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+
+Object.defineProperty(exports, "__esModule", { value: true });
+
+exports.getStatusCodeForMediaRetry =
+exports.decryptMediaRetryData =
+exports.decodeMediaRetryNode =
+exports.encryptMediaRetryRequest =
+exports.getWAUploadToServer =
+exports.downloadEncryptedContent =
+exports.downloadContentFromMessageV1 =
+exports.clearDownloadCache =
+exports.detectMimeType =
+exports.downloadContentFromMessage =
+exports.getUrlFromDirectPath =
+exports.encryptedStream =
+exports.prepareStream =
+exports.getHttpStream =
+exports.getStream =
+exports.toBuffer =
+exports.toReadable =
+exports.mediaMessageSHA256B64 =
+exports.generateProfilePicture =
+exports.encodeBase64EncodedStringForUpload =
+exports.extractImageThumb =
+exports.hkdfInfoKey = void 0;
+
+exports.getMediaKeys      = getMediaKeys;
+exports.getAudioDuration  = getAudioDuration;
+exports.getAudioWaveform  = getAudioWaveform;
+exports.generateThumbnail = generateThumbnail;
+exports.extensionForMediaMessage = extensionForMediaMessage;
+
+// ─── Dependências ─────────────────────────────────────────────────────────────
+const { Boom }               = require("@hapi/boom");
+const { exec }               = require("child_process");
+const Crypto                 = __importStar(require("crypto"));
+const { once }               = require("events");
+const { createReadStream, createWriteStream, writeFileSync, promises: fsp } = require("fs");
+const { tmpdir }             = require("os");
+const { join }               = require("path");
+const { Readable, Transform } = require("stream");
+const Proto                  = require("../../WAProto");
+const Config                 = require("../Defaults");
+const JidUtils               = require("../WABinary");
+const CryptoUtils            = require("./crypto");
+const Helpers                = require("./generics");
+
+// ─── Cache de downloads ───────────────────────────────────────────────────────
+const DOWNLOAD_CACHE = new Map()
+const MAX_RETRIES    = 3
+const RETRY_DELAY_MS = 1000
+
+// ─── Helpers internos ─────────────────────────────────────────────────────────
+const getTmpDir   = () => tmpdir()
+const sleep       = (ms) => new Promise(r => setTimeout(r, ms))
+
+// ─── Detecta mime type pelo buffer ───────────────────────────────────────────
+const detectMimeType = (buffer) => {
+    if (!buffer || buffer.length < 4) return 'application/octet-stream'
+    const hex = buffer.slice(0, 4).toString('hex')
+    if (hex.startsWith('ffd8ff'))   return 'image/jpeg'
+    if (hex.startsWith('89504e47')) return 'image/png'
+    if (hex.startsWith('47494638')) return 'image/gif'
+    if (hex.startsWith('25504446')) return 'application/pdf'
+    if (hex.startsWith('494433') || hex.startsWith('fffb')) return 'audio/mpeg'
+    if (hex.startsWith('4f676753')) return 'audio/ogg'
+    if (hex.startsWith('1a45dfa3')) return 'video/webm'
+    if (buffer.slice(4, 8).toString('ascii') === 'ftyp')   return 'video/mp4'
+    if (hex.startsWith('52494646')) return 'audio/wav'
+    if (hex.startsWith('504b0304')) return 'application/zip'
+    return 'application/octet-stream'
+}
+exports.detectMimeType = detectMimeType
+
+// ─── Limpar cache de downloads ────────────────────────────────────────────────
+const clearDownloadCache = () => DOWNLOAD_CACHE.clear()
+exports.clearDownloadCache = clearDownloadCache
+
+// ─── Biblioteca de processamento de imagem ────────────────────────────────────
+const getImageProcessingLibrary = async () => {
+    const [_jimp, sharp] = await Promise.all([
+        import('jimp').catch(() => {}),
+        import('sharp').catch(() => {}),
+    ])
+    if (sharp)                          return { sharp }
+    const jimp = _jimp?.default || _jimp
+    if (jimp)                           return { jimp }
+    throw new Boom('Nenhuma biblioteca de imagem disponível')
+}
+
+// ─── Chave HKDF por tipo de mídia ────────────────────────────────────────────
+const hkdfInfoKey = (type) => `WhatsApp ${Config.MEDIA_HKDF_KEY_MAPPING[type]} Keys`
+exports.hkdfInfoKey = hkdfInfoKey
+
+// ─── Deriva chaves de criptografia ───────────────────────────────────────────
+async function getMediaKeys(buffer, mediaType) {
+    if (!buffer) throw new Boom('Chave de mídia vazia')
+    if (typeof buffer === 'string') buffer = Buffer.from(buffer.replace('data:;base64,', ''), 'base64')
+    const expanded = await CryptoUtils.hkdf(buffer, 112, { info: hkdfInfoKey(mediaType) })
+    return {
+        iv:        expanded.slice(0, 16),
+        cipherKey: expanded.slice(16, 48),
+        macKey:    expanded.slice(48, 80),
+    }
+}
+
+// ─── Extrai thumbnail de vídeo via ffmpeg ─────────────────────────────────────
+const extractVideoThumb = (path, dest, time, size) => new Promise((resolve, reject) => {
+    const cmd = `ffmpeg -ss ${time} -i ${path} -y -vf scale=${size.width}:-1 -vframes 1 -f image2 ${dest}`
+    exec(cmd, (err) => err ? reject(err) : resolve())
+})
+
+// ─── Extrai thumbnail de imagem ───────────────────────────────────────────────
+const extractImageThumb = async (bufferOrPath, width = 32) => {
+    var _a, _b
+    if (bufferOrPath instanceof Readable) bufferOrPath = await toBuffer(bufferOrPath)
+    const lib = await getImageProcessingLibrary()
+    if ('sharp' in lib && typeof ((_a = lib.sharp) === null || _a === void 0 ? void 0 : _a.default) === 'function') {
+        const img  = lib.sharp.default(bufferOrPath)
+        const meta = await img.metadata()
+        const buf  = await img.resize(width).jpeg({ quality: 50 }).toBuffer()
+        return { buffer: buf, original: { width: meta.width, height: meta.height } }
+    } else if ('jimp' in lib && typeof ((_b = lib.jimp) === null || _b === void 0 ? void 0 : _b.read) === 'function') {
+        const { read, MIME_JPEG, RESIZE_BILINEAR, AUTO } = lib.jimp
+        const jimp = await read(bufferOrPath)
+        const buf  = await jimp.quality(50).resize(width, AUTO, RESIZE_BILINEAR).getBufferAsync(MIME_JPEG)
+        return { buffer: buf, original: { width: jimp.getWidth(), height: jimp.getHeight() } }
+    }
+    throw new Boom('Nenhuma biblioteca de imagem disponível')
+}
+exports.extractImageThumb = extractImageThumb
+
+// ─── Encode base64 URL-safe para upload ──────────────────────────────────────
+const encodeBase64EncodedStringForUpload = (b64) =>
+    encodeURIComponent(b64.replace(/\+/g, '-').replace(/\//g, '_').replace(/\=+$/, ''))
+exports.encodeBase64EncodedStringForUpload = encodeBase64EncodedStringForUpload
+
+// ─── Gera foto de perfil ──────────────────────────────────────────────────────
+const generateProfilePicture = async (mediaUpload) => {
+    const input = Buffer.isBuffer(mediaUpload)
+        ? mediaUpload
+        : typeof mediaUpload === 'object' && 'url' in mediaUpload
+            ? mediaUpload.url.toString()
+            : await toBuffer(mediaUpload.stream)
+    const { read, MIME_JPEG, AUTO } = require('jimp')
+    const jimp    = await read(input)
+    const cropped = jimp.crop(0, 0, jimp.getWidth(), jimp.getHeight())
+    return { img: await cropped.quality(100).scaleToFit(720, 720, AUTO).getBufferAsync(MIME_JPEG) }
+}
+exports.generateProfilePicture = generateProfilePicture
+
+// ─── SHA256 de mensagem de mídia ──────────────────────────────────────────────
+const mediaMessageSHA256B64 = (message) => {
+    const media = Object.values(message)[0]
+    return media?.fileSha256 && Buffer.from(media.fileSha256).toString('base64')
+}
+exports.mediaMessageSHA256B64 = mediaMessageSHA256B64
+
+// ─── Duração de áudio ─────────────────────────────────────────────────────────
+async function getAudioDuration(buffer) {
+    const mm = await import('music-metadata')
+    if (Buffer.isBuffer(buffer))       return (await mm.parseBuffer(buffer, undefined, { duration: true })).format.duration
+    if (typeof buffer === 'string') {
+        const rs = createReadStream(buffer)
+        try   { return (await mm.parseStream(rs, undefined, { duration: true })).format.duration }
+        finally { rs.destroy() }
+    }
+    return (await mm.parseStream(buffer, undefined, { duration: true })).format.duration
+}
+
+// ─── Waveform de áudio ────────────────────────────────────────────────────────
+async function getAudioWaveform(buffer, logger) {
+    try {
+        const audioDecode = (b) => import('audio-decode').then(({ default: d }) => d(b))
+        let data = Buffer.isBuffer(buffer) ? buffer
+            : typeof buffer === 'string'   ? await toBuffer(createReadStream(buffer))
+            : await toBuffer(buffer)
+        const decoded   = await audioDecode(data)
+        const raw       = decoded.getChannelData(0)
+        const samples   = 64
+        const blockSize = Math.floor(raw.length / samples)
+        const filtered  = Array.from({ length: samples }, (_, i) => {
+            let sum = 0
+            for (let j = 0; j < blockSize; j++) sum += Math.abs(raw[i * blockSize + j])
+            return sum / blockSize
+        })
+        const mult = Math.pow(Math.max(...filtered), -1)
+        return new Uint8Array(filtered.map(n => Math.floor(100 * n * mult)))
+    } catch (e) {
+        logger?.debug('Falha ao gerar waveform: ' + e)
+    }
+}
+
+// ─── Buffer / Stream helpers ──────────────────────────────────────────────────
+const toReadable = (buffer) => {
+    const r = new Readable({ read: () => {} })
+    r.push(buffer)
+    r.push(null)
+    return r
+}
+exports.toReadable = toReadable
+
+const toBuffer = async (stream) => {
+    const chunks = []
+    for await (const chunk of stream) chunks.push(chunk)
+    stream.destroy()
+    return Buffer.concat(chunks)
+}
+exports.toBuffer = toBuffer
+
+const getStream = async (item, opts) => {
+    if (Buffer.isBuffer(item)) return { stream: toReadable(item), type: 'buffer' }
+    if ('stream' in item)      return { stream: item.stream, type: 'readable' }
+    const url = item.url.toString()
+    if (url.startsWith('http://') || url.startsWith('https://'))
+        return { stream: await getHttpStream(item.url, opts), type: 'remote' }
+    return { stream: createReadStream(item.url), type: 'file' }
+}
+exports.getStream = getStream
+
+// ─── Gera thumbnail ───────────────────────────────────────────────────────────
+async function generateThumbnail(file, mediaType, options) {
+    var _a
+    let thumbnail, originalImageDimensions
+    if (mediaType === 'image') {
+        const { buffer, original } = await extractImageThumb(file)
+        thumbnail = buffer.toString('base64')
+        if (original.width && original.height) originalImageDimensions = original
+    } else if (mediaType === 'video') {
+        const imgPath = join(getTmpDir(), Helpers.generateMessageID() + '.jpg')
+        try {
+            await extractVideoThumb(file, imgPath, '00:00:00', { width: 32, height: 32 })
+            thumbnail = (await fsp.readFile(imgPath)).toString('base64')
+            await fsp.unlink(imgPath)
+        } catch (err) {
+            (_a = options.logger) === null || _a === void 0 ? void 0 : _a.debug('Falha ao gerar thumbnail de vídeo: ' + err)
+        }
+    }
+    return { thumbnail, originalImageDimensions }
+}
+
+// ─── HTTP Stream ──────────────────────────────────────────────────────────────
+const getHttpStream = async (url, options = {}) => {
+    const { default: axios } = await import('axios')
+    const res = await axios.get(url.toString(), { ...options, responseType: 'stream' })
+    return res.data
+}
+exports.getHttpStream = getHttpStream
+
+// ─── Prepara stream (newsletter) ──────────────────────────────────────────────
+const prepareStream = async (media, mediaType, { logger, saveOriginalFileIfRequired, opts } = {}) => {
+    const { stream, type } = await getStream(media, opts)
+    logger?.debug('stream de mídia obtido')
+    let bodyPath, didSaveToTmpPath = false
+    try {
+        const buffer    = await toBuffer(stream)
+        if (type === 'file') { bodyPath = media.url }
+        else if (saveOriginalFileIfRequired) {
+            bodyPath = join(getTmpDir(), mediaType + Helpers.generateMessageID())
+            writeFileSync(bodyPath, buffer)
+            didSaveToTmpPath = true
+        }
+        const fileSha256 = Crypto.createHash('sha256').update(buffer).digest()
+        stream?.destroy()
+        return { mediaKey: undefined, encWriteStream: buffer, fileLength: buffer.length, fileSha256, fileEncSha256: undefined, bodyPath, didSaveToTmpPath }
+    } catch (error) {
+        stream.destroy()
+        if (didSaveToTmpPath) { try { await fsp.unlink(bodyPath) } catch (e) { logger?.error({ e }, 'falha ao remover tmp') } }
+        throw error
+    }
+}
+exports.prepareStream = prepareStream
+
+// ─── Stream encriptado ────────────────────────────────────────────────────────
+const encryptedStream = async (media, mediaType, { logger, saveOriginalFileIfRequired, opts } = {}) => {
+    const { stream, type } = await getStream(media, opts)
+    logger?.debug('stream de mídia obtido')
+    const mediaKey = Crypto.randomBytes(32)
+    const { cipherKey, iv, macKey } = await getMediaKeys(mediaKey, mediaType)
+    const encWriteStream = new Readable({ read: () => {} })
+    let bodyPath, writeStream, didSaveToTmpPath = false
+    if (type === 'file') { bodyPath = media.url }
+    else if (saveOriginalFileIfRequired) {
+        bodyPath    = join(getTmpDir(), mediaType + Helpers.generateMessageID())
+        writeStream = createWriteStream(bodyPath)
+        didSaveToTmpPath = true
+    }
+    let fileLength = 0
+    const aes        = Crypto.createCipheriv('aes-256-cbc', cipherKey, iv)
+    let hmac         = Crypto.createHmac('sha256', macKey).update(iv)
+    let sha256Plain  = Crypto.createHash('sha256')
+    let sha256Enc    = Crypto.createHash('sha256')
+
+    function onChunk(buff) {
+        sha256Enc = sha256Enc.update(buff)
+        hmac      = hmac.update(buff)
+        encWriteStream.push(buff)
+    }
+
+    try {
+        for await (const data of stream) {
+            fileLength += data.length
+            if (type === 'remote' && opts?.maxContentLength && fileLength + data.length > opts.maxContentLength)
+                throw new Boom(`conteúdo excedeu o limite para "${type}"`, { data: { media, type } })
+            sha256Plain = sha256Plain.update(data)
+            if (writeStream) { if (!writeStream.write(data)) await once(writeStream, 'drain') }
+            onChunk(aes.update(data))
+        }
+        onChunk(aes.final())
+        const mac        = hmac.digest().slice(0, 10)
+        sha256Enc        = sha256Enc.update(mac)
+        const fileSha256 = sha256Plain.digest()
+        const fileEncSha256 = sha256Enc.digest()
+        encWriteStream.push(mac)
+        encWriteStream.push(null)
+        writeStream?.end()
+        stream.destroy()
+        logger?.debug('dados encriptados com sucesso')
+        return { mediaKey, encWriteStream, bodyPath, mac, fileEncSha256, fileSha256, fileLength, didSaveToTmpPath }
+    } catch (error) {
+        encWriteStream.destroy(); writeStream?.destroy()
+        aes.destroy(); hmac.destroy(); sha256Plain.destroy(); sha256Enc.destroy(); stream.destroy()
+        if (didSaveToTmpPath) { try { await fsp.unlink(bodyPath) } catch (e) { logger?.error({ e }, 'falha ao remover tmp') } }
+        throw error
+    }
+}
+exports.encryptedStream = encryptedStream
+
+// ─── URL de download ──────────────────────────────────────────────────────────
+const DEF_HOST = 'mmg.whatsapp.net'
+const AES_CHUNK_SIZE = 16
+const toSmallestChunk = (num) => Math.floor(num / AES_CHUNK_SIZE) * AES_CHUNK_SIZE
+const getUrlFromDirectPath = (directPath) => `https://${DEF_HOST}${directPath}`
+exports.getUrlFromDirectPath = getUrlFromDirectPath
+
+// ─────────────────────────────────────────────────────────────────────────────
+// downloadContentFromMessage — original
+// ─────────────────────────────────────────────────────────────────────────────
+const downloadContentFromMessage = async ({ mediaKey, directPath, url }, type, opts = {}) => {
+    const downloadUrl = url || getUrlFromDirectPath(directPath)
+    const keys = await getMediaKeys(mediaKey, type)
+    return downloadEncryptedContent(downloadUrl, keys, opts)
+}
+exports.downloadContentFromMessage = downloadContentFromMessage
+
+// ─────────────────────────────────────────────────────────────────────────────
+// downloadContentFromMessageV1 — versão melhorada
+// Melhorias: retry automático, progresso, cache, timeout, mime type, buffer, arquivo
+// ─────────────────────────────────────────────────────────────────────────────
+const downloadContentFromMessageV1 = async (
+    { mediaKey, directPath, url },
+    type,
+    opts = {}
+) => {
+    const {
+        onProgress = null,   // ({ downloaded, total, percent }) => void
+        useCache   = false,  // cache em memória
+        saveToFile = null,   // salvar direto em arquivo
+        timeoutMs  = 60_000, // timeout em ms
+        retries    = MAX_RETRIES,
+        asBuffer   = false,  // retornar buffer em vez de stream
+    } = opts
+
+    const downloadUrl = url || getUrlFromDirectPath(directPath)
+
+    // ── Cache ────────────────────────────────────────────────────────────────
+    if (useCache && DOWNLOAD_CACHE.has(downloadUrl)) {
+        const cached = DOWNLOAD_CACHE.get(downloadUrl)
+        return asBuffer ? cached : toReadable(cached)
+    }
+
+    const keys = await getMediaKeys(mediaKey, type)
+
+    // ── Retry automático ──────────────────────────────────────────────────────
+    let lastError
+    for (let attempt = 1; attempt <= retries; attempt++) {
+        try {
+            const result = await _executeDownload({ downloadUrl, keys, opts, onProgress, saveToFile, timeoutMs, asBuffer })
+            if (useCache && Buffer.isBuffer(result)) DOWNLOAD_CACHE.set(downloadUrl, result)
+            return result
+        } catch (err) {
+            lastError = err
+            if (attempt < retries) {
+                const delay = RETRY_DELAY_MS * attempt
+                console.warn(`[downloadV1] Tentativa ${attempt}/${retries} falhou. Retentando em ${delay}ms...`)
+                await sleep(delay)
+            }
+        }
+    }
+
+    throw new Error(`[downloadV1] Falhou após ${retries} tentativas: ${lastError?.message}`)
+}
+exports.downloadContentFromMessageV1 = downloadContentFromMessageV1
+
+// ─── Executa download com progresso/timeout ───────────────────────────────────
+const _executeDownload = async ({ downloadUrl, keys, opts, onProgress, saveToFile, timeoutMs, asBuffer }) => {
+    const controller   = new AbortController()
+    const timer        = setTimeout(() => controller.abort(), timeoutMs)
+    let fetchedStream
+    try {
+        fetchedStream = await downloadEncryptedContent(downloadUrl, keys, {
+            ...opts,
+            options: { ...(opts.options || {}), signal: controller.signal }
+        })
+    } finally {
+        clearTimeout(timer)
+    }
+
+    if (!onProgress && !saveToFile && !asBuffer) return fetchedStream
+
+    return new Promise((resolve, reject) => {
+        const chunks   = []
+        let downloaded = 0
+        const total    = parseInt(fetchedStream.headers?.['content-length'] || '0', 10)
+
+        fetchedStream.on('data', (chunk) => {
+            chunks.push(chunk)
+            downloaded += chunk.length
+            if (onProgress) onProgress({
+                downloaded,
+                total,
+                percent: total > 0 ? Math.round((downloaded / total) * 100) : null,
+            })
+        })
+
+        fetchedStream.on('end', async () => {
+            const buffer = Buffer.concat(chunks)
+            if (saveToFile) {
+                try { await fsp.writeFile(saveToFile, buffer); resolve(saveToFile) }
+                catch (err) { reject(err) }
+                return
+            }
+            resolve(asBuffer ? buffer : toReadable(buffer))
+        })
+
+        fetchedStream.on('error', reject)
+    })
+}
+
+// ─────────────────────────────────────────────────────────────────────────────
+// downloadEncryptedContent — desencripta stream AES256-CBC
+// ─────────────────────────────────────────────────────────────────────────────
+const downloadEncryptedContent = async (downloadUrl, { cipherKey, iv }, { startByte, endByte, options } = {}) => {
+    let bytesFetched = 0, startChunk = 0, firstBlockIsIV = false
+    if (startByte) {
+        const chunk = toSmallestChunk(startByte || 0)
+        if (chunk) { startChunk = chunk - AES_CHUNK_SIZE; bytesFetched = chunk; firstBlockIsIV = true }
+    }
+    const endChunk = endByte ? toSmallestChunk(endByte || 0) + AES_CHUNK_SIZE : undefined
+    const headers  = { ...(options?.headers || {}), Origin: Config.DEFAULT_ORIGIN }
+    if (startChunk || endChunk) {
+        headers.Range = `bytes=${startChunk}-`
+        if (endChunk) headers.Range += endChunk
+    }
+    const fetched = await getHttpStream(downloadUrl, { ...options || {}, headers, maxBodyLength: Infinity, maxContentLength: Infinity })
+    let remainingBytes = Buffer.from([])
+    let aes
+
+    const pushBytes = (bytes, push) => {
+        if (startByte || endByte) {
+            const start = bytesFetched >= startByte ? undefined : Math.max(startByte - bytesFetched, 0)
+            const end   = bytesFetched + bytes.length < endByte ? undefined : Math.max(endByte - bytesFetched, 0)
+            push(bytes.slice(start, end))
+            bytesFetched += bytes.length
+        } else {
+            push(bytes)
+        }
+    }
+
+    const output = new Transform({
+        transform(chunk, _, callback) {
+            let data = Buffer.concat([remainingBytes, chunk])
+            const decryptLen = toSmallestChunk(data.length)
+            remainingBytes   = data.slice(decryptLen)
+            data             = data.slice(0, decryptLen)
+            if (!aes) {
+                let ivValue = iv
+                if (firstBlockIsIV) { ivValue = data.slice(0, AES_CHUNK_SIZE); data = data.slice(AES_CHUNK_SIZE) }
+                aes = Crypto.createDecipheriv('aes-256-cbc', cipherKey, ivValue)
+                if (endByte) aes.setAutoPadding(false)
+            }
+            try { pushBytes(aes.update(data), b => this.push(b)); callback() }
+            catch (err) { callback(err) }
+        },
+        final(callback) {
+            try { pushBytes(aes.final(), b => this.push(b)); callback() }
+            catch (err) { callback(err) }
+        }
+    })
+
+    return fetched.pipe(output, { end: true })
+}
+exports.downloadEncryptedContent = downloadEncryptedContent
+
+// ─── Extensão por tipo de mensagem ───────────────────────────────────────────
+function extensionForMediaMessage(message) {
+    const type = Object.keys(message)[0]
+    if (['locationMessage', 'liveLocationMessage', 'productMessage'].includes(type)) return '.jpeg'
+    return '.' + message[type].mimetype.split(';')[0].split('/')[1]
+}
+
+// ─── Upload para servidor WA ──────────────────────────────────────────────────
+const getWAUploadToServer = ({ customUploadHosts, fetchAgent, logger, options }, refreshMediaConn) => {
+    return async (stream, { mediaType, fileEncSha256B64, newsletter, timeoutMs }) => {
+        var _a, _b
+        const { default: axios } = await import('axios')
+        let uploadInfo = await refreshMediaConn(false)
+        let urls
+        const hosts  = [...customUploadHosts, ...uploadInfo.hosts]
+        const chunks = []
+        if (!Buffer.isBuffer(stream)) { for await (const c of stream) chunks.push(c) }
+        const body = Buffer.isBuffer(stream) ? stream : Buffer.concat(chunks)
+        fileEncSha256B64 = encodeBase64EncodedStringForUpload(fileEncSha256B64)
+        let media = Config.MEDIA_PATH_MAP[mediaType]
+        if (newsletter) media = media?.replace('/mms/', '/newsletter/newsletter-')
+
+        for (const { hostname, maxContentLengthBytes } of hosts) {
+            logger.debug(`enviando para "${hostname}"`)
+            const auth = encodeURIComponent(uploadInfo.auth)
+            const url  = `https://${hostname}${media}/${fileEncSha256B64}?auth=${auth}&token=${fileEncSha256B64}`
+            let result
+            try {
+                if (maxContentLengthBytes && body.length > maxContentLengthBytes)
+                    throw new Boom(`Body muito grande para "${hostname}"`, { statusCode: 413 })
+                const res = await axios.post(url, body, {
+                    ...options,
+                    headers: { ...options.headers || {}, 'Content-Type': 'application/octet-stream', 'Origin': Config.DEFAULT_ORIGIN },
+                    httpsAgent: fetchAgent, timeout: timeoutMs, responseType: 'json',
+                    maxBodyLength: Infinity, maxContentLength: Infinity,
+                })
+                result = res.data
+                if (result?.url || result?.directPath) {
+                    urls = { mediaUrl: result.url, directPath: result.direct_path, handle: result.handle }
+                    break
+                } else {
+                    uploadInfo = await refreshMediaConn(true)
+                    throw new Error(`upload falhou: ${JSON.stringify(result)}`)
+                }
+            } catch (error) {
+                if (axios.isAxiosError(error)) result = (_a = error.response) === null || _a === void 0 ? void 0 : _a.data
+                const isLast = hostname === ((_b = hosts[uploadInfo.hosts.length - 1]) === null || _b === void 0 ? void 0 : _b.hostname)
+                logger.warn({ trace: error.stack, uploadResult: result }, `Erro ao enviar para ${hostname}${isLast ? '' : ', tentando próximo...'}`)
+            }
+        }
+        if (!urls) throw new Boom('Upload de mídia falhou em todos os hosts', { statusCode: 500 })
+        return urls
+    }
+}
+exports.getWAUploadToServer = getWAUploadToServer
+
+// ─── Retry de mídia ───────────────────────────────────────────────────────────
+const getMediaRetryKey = (mediaKey) => CryptoUtils.hkdf(mediaKey, 32, { info: 'WhatsApp Media Retry Notification' })
+
+const encryptMediaRetryRequest = async (key, mediaKey, meId) => {
+    const recp       = Proto.proto.ServerErrorReceipt.encode({ stanzaId: key.id }).finish()
+    const iv         = Crypto.randomBytes(12)
+    const retryKey   = await getMediaRetryKey(mediaKey)
+    const ciphertext = CryptoUtils.aesEncryptGCM(recp, retryKey, iv, Buffer.from(key.id))
+    return {
+        tag: 'receipt',
+        attrs: { id: key.id, to: JidUtils.jidNormalizedUser(meId), type: 'server-error' },
+        content: [
+            { tag: 'encrypt', attrs: {}, content: [
+                { tag: 'enc_p', attrs: {}, content: ciphertext },
+                { tag: 'enc_iv', attrs: {}, content: iv }
+            ]},
+            { tag: 'rmr', attrs: { jid: key.remoteJid, 'from_me': (!!key.fromMe).toString(), participant: key.participant || undefined } }
+        ]
+    }
+}
+exports.encryptMediaRetryRequest = encryptMediaRetryRequest
+
+const decodeMediaRetryNode = (node) => {
+    const rmr   = JidUtils.getBinaryNodeChild(node, 'rmr')
+    const event = { key: { id: node.attrs.id, remoteJid: rmr.attrs.jid, fromMe: rmr.attrs.from_me === 'true', participant: rmr.attrs.participant } }
+    const err   = JidUtils.getBinaryNodeChild(node, 'error')
+    if (err) {
+        const code  = +err.attrs.code
+        event.error = new Boom(`Falha ao reenviar mídia (${code})`, { data: err.attrs, statusCode: getStatusCodeForMediaRetry(code) })
+    } else {
+        const enc        = JidUtils.getBinaryNodeChild(node, 'encrypt')
+        const ciphertext = JidUtils.getBinaryNodeChildBuffer(enc, 'enc_p')
+        const iv         = JidUtils.getBinaryNodeChildBuffer(enc, 'enc_iv')
+        event.media = (ciphertext && iv) ? { ciphertext, iv } : undefined
+        if (!event.media) event.error = new Boom('Falha ao reenviar mídia (sem ciphertext)', { statusCode: 404 })
+    }
+    return event
+}
+exports.decodeMediaRetryNode = decodeMediaRetryNode
+
+const decryptMediaRetryData = async ({ ciphertext, iv }, mediaKey, msgId) => {
+    const retryKey = await getMediaRetryKey(mediaKey)
+    return Proto.proto.MediaRetryNotification.decode(CryptoUtils.aesDecryptGCM(ciphertext, retryKey, iv, Buffer.from(msgId)))
+}
+exports.decryptMediaRetryData = decryptMediaRetryData
+
+const MEDIA_RETRY_STATUS_MAP = {
+    [Proto.proto.MediaRetryNotification.ResultType.SUCCESS]:          200,
+    [Proto.proto.MediaRetryNotification.ResultType.DECRYPTION_ERROR]: 412,
+    [Proto.proto.MediaRetryNotification.ResultType.NOT_FOUND]:        404,
+    [Proto.proto.MediaRetryNotification.ResultType.GENERAL_ERROR]:    418,
+}
+const getStatusCodeForMediaRetry = (code) => MEDIA_RETRY_STATUS_MAP[code]
+exports.getStatusCodeForMediaRetry = getStatusCodeForMediaRetry