@yemo-dev/yebail 1.0.0

package/lib/Utils/crypto.js

@@ -0,0 +1,187 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.signedKeyPair = exports.Curve = exports.generateSignalPubKey = void 0;
+exports.aesEncryptGCM = aesEncryptGCM;
+exports.aesDecryptGCM = aesDecryptGCM;
+exports.aesEncryptCTR = aesEncryptCTR;
+exports.aesDecryptCTR = aesDecryptCTR;
+exports.aesDecrypt = aesDecrypt;
+exports.aesDecryptWithIV = aesDecryptWithIV;
+exports.aesEncrypt = aesEncrypt;
+exports.aesEncrypWithIV = aesEncrypWithIV;
+exports.hmacSign = hmacSign;
+exports.sha256 = sha256;
+exports.md5 = md5;
+exports.hkdf = hkdf;
+exports.derivePairingCodeKey = derivePairingCodeKey;
+const crypto_1 = require("crypto");
+const libsignal = __importStar(require("libsignal"));
+const Defaults_1 = require("../Defaults");
+// insure browser & node compatibility
+const { subtle } = globalThis.crypto;
+
+const generateSignalPubKey = (pubKey) => (pubKey.length === 33
+    ? pubKey
+    : Buffer.concat([Defaults_1.KEY_BUNDLE_TYPE, pubKey]));
+exports.generateSignalPubKey = generateSignalPubKey;
+exports.Curve = {
+    generateKeyPair: () => {
+        const { pubKey, privKey } = libsignal.curve.generateKeyPair();
+        return {
+            private: Buffer.from(privKey),
+            // remove version byte
+            public: Buffer.from(pubKey.slice(1))
+        };
+    },
+    sharedKey: (privateKey, publicKey) => {
+        const shared = libsignal.curve.calculateAgreement((0, exports.generateSignalPubKey)(publicKey), privateKey);
+        return Buffer.from(shared);
+    },
+    sign: (privateKey, buf) => (libsignal.curve.calculateSignature(privateKey, buf)),
+    verify: (pubKey, message, signature) => {
+        try {
+            libsignal.curve.verifySignature((0, exports.generateSignalPubKey)(pubKey), message, signature);
+            return true;
+        }
+        catch (error) {
+            return false;
+        }
+    }
+};
+const signedKeyPair = (identityKeyPair, keyId) => {
+    const preKey = exports.Curve.generateKeyPair();
+    const pubKey = (0, exports.generateSignalPubKey)(preKey.public);
+    const signature = exports.Curve.sign(identityKeyPair.private, pubKey);
+    return { keyPair: preKey, signature, keyId };
+};
+exports.signedKeyPair = signedKeyPair;
+const GCM_TAG_LENGTH = 128 >> 3;
+
+function aesEncryptGCM(plaintext, key, iv, additionalData) {
+    const cipher = (0, crypto_1.createCipheriv)('aes-256-gcm', key, iv);
+    cipher.setAAD(additionalData);
+    return Buffer.concat([cipher.update(plaintext), cipher.final(), cipher.getAuthTag()]);
+}
+
+function aesDecryptGCM(ciphertext, key, iv, additionalData) {
+    const decipher = (0, crypto_1.createDecipheriv)('aes-256-gcm', key, iv);
+    // decrypt additional adata
+    const enc = ciphertext.slice(0, ciphertext.length - GCM_TAG_LENGTH);
+    const tag = ciphertext.slice(ciphertext.length - GCM_TAG_LENGTH);
+    // set additional data
+    decipher.setAAD(additionalData);
+    decipher.setAuthTag(tag);
+    return Buffer.concat([decipher.update(enc), decipher.final()]);
+}
+function aesEncryptCTR(plaintext, key, iv) {
+    const cipher = (0, crypto_1.createCipheriv)('aes-256-ctr', key, iv);
+    return Buffer.concat([cipher.update(plaintext), cipher.final()]);
+}
+function aesDecryptCTR(ciphertext, key, iv) {
+    const decipher = (0, crypto_1.createDecipheriv)('aes-256-ctr', key, iv);
+    return Buffer.concat([decipher.update(ciphertext), decipher.final()]);
+}
+
+function aesDecrypt(buffer, key) {
+    return aesDecryptWithIV(buffer.slice(16, buffer.length), key, buffer.slice(0, 16));
+}
+
+function aesDecryptWithIV(buffer, key, IV) {
+    const aes = (0, crypto_1.createDecipheriv)('aes-256-cbc', key, IV);
+    return Buffer.concat([aes.update(buffer), aes.final()]);
+}
+// encrypt AES 256 CBC; where a random IV is prefixed to the buffer
+function aesEncrypt(buffer, key) {
+    const IV = (0, crypto_1.randomBytes)(16);
+    const aes = (0, crypto_1.createCipheriv)('aes-256-cbc', key, IV);
+    return Buffer.concat([IV, aes.update(buffer), aes.final()]); // prefix IV to the buffer
+}
+// encrypt AES 256 CBC with a given IV
+function aesEncrypWithIV(buffer, key, IV) {
+    const aes = (0, crypto_1.createCipheriv)('aes-256-cbc', key, IV);
+    return Buffer.concat([aes.update(buffer), aes.final()]); // prefix IV to the buffer
+}
+// sign HMAC using SHA 256
+function hmacSign(buffer, key, variant = 'sha256') {
+    return (0, crypto_1.createHmac)(variant, key).update(buffer).digest();
+}
+function sha256(buffer) {
+    return (0, crypto_1.createHash)('sha256').update(buffer).digest();
+}
+function md5(buffer) {
+    return (0, crypto_1.createHash)('md5').update(buffer).digest();
+}
+// HKDF key expansion
+async function hkdf(buffer, expandedLength, info) {
+    // Ensure we have a Uint8Array for the key material
+    const inputKeyMaterial = buffer instanceof Uint8Array
+        ? buffer
+        : new Uint8Array(buffer);
+    // Set default values if not provided
+    const salt = info.salt ? new Uint8Array(info.salt) : new Uint8Array(0);
+    const infoBytes = info.info
+        ? new TextEncoder().encode(info.info)
+        : new Uint8Array(0);
+    // Import the input key material
+    const importedKey = await subtle.importKey('raw', inputKeyMaterial, { name: 'HKDF' }, false, ['deriveBits']);
+    // Derive bits using HKDF
+    const derivedBits = await subtle.deriveBits({
+        name: 'HKDF',
+        hash: 'SHA-256',
+        salt: salt,
+        info: infoBytes
+    }, importedKey, expandedLength * 8 // Convert bytes to bits
+    );
+    return Buffer.from(derivedBits);
+}
+async function derivePairingCodeKey(pairingCode, salt) {
+    // Convert inputs to formats Web Crypto API can work with
+    const encoder = new TextEncoder();
+    const pairingCodeBuffer = encoder.encode(pairingCode);
+    const saltBuffer = salt instanceof Uint8Array ? salt : new Uint8Array(salt);
+    // Import the pairing code as key material
+    const keyMaterial = await subtle.importKey('raw', pairingCodeBuffer, { name: 'PBKDF2' }, false, ['deriveBits']);
+    // Derive bits using PBKDF2 with the same parameters
+    // 2 << 16 = 131,072 iterations
+    const derivedBits = await subtle.deriveBits({
+        name: 'PBKDF2',
+        salt: saltBuffer,
+        iterations: 2 << 16,
+        hash: 'SHA-256'
+    }, keyMaterial, 32 * 8 // 32 bytes * 8 = 256 bits
+    );
+    return Buffer.from(derivedBits);
+}

package/lib/Utils/decode-wa-message.js

@@ -0,0 +1,293 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.decryptMessageNode = exports.NACK_REASONS = exports.MISSING_KEYS_ERROR_TEXT = exports.NO_MESSAGE_FOUND_ERROR_TEXT = void 0;
+exports.decodeMessageNode = decodeMessageNode;
+const boom_1 = require("@hapi/boom");
+const WAProto_1 = require("../../WAProto");
+const WABinary_1 = require("../WABinary");
+const generics_1 = require("./generics");
+exports.NO_MESSAGE_FOUND_ERROR_TEXT = 'Message absent from node';
+exports.MISSING_KEYS_ERROR_TEXT = 'Key used already or never filled';
+exports.NACK_REASONS = {
+    ParsingError: 487,
+    UnrecognizedStanza: 488,
+    UnrecognizedStanzaClass: 489,
+    UnrecognizedStanzaType: 490,
+    InvalidProtobuf: 491,
+    InvalidHostedCompanionStanza: 493,
+    MissingMessageSecret: 495,
+    SignalErrorOldCounter: 496,
+    MessageDeletedOnPeer: 499,
+    UnhandledError: 500,
+    UnsupportedAdminRevoke: 550,
+    UnsupportedLIDGroup: 551,
+    DBOperationFailed: 552
+};
+/**
+ * Derives PN/LID alternates from stanza attrs (same rules as WhiskeySockets Baileys).
+ */
+function extractAddressingContext(stanza) {
+    let senderAlt;
+    let recipientAlt;
+    const sender = stanza.attrs.participant || stanza.attrs.from;
+    const isLidAddr = typeof sender === 'string' && (sender.endsWith('@lid') || sender.endsWith('@hosted.lid'));
+    const addressingMode = stanza.attrs.addressing_mode || (isLidAddr ? 'lid' : 'pn');
+    if (addressingMode === 'lid') {
+        senderAlt = stanza.attrs.participant_pn || stanza.attrs.sender_pn || stanza.attrs.peer_recipient_pn;
+        recipientAlt = stanza.attrs.recipient_pn;
+    }
+    else {
+        senderAlt = stanza.attrs.participant_lid || stanza.attrs.sender_lid || stanza.attrs.peer_recipient_lid;
+        recipientAlt = stanza.attrs.recipient_lid;
+    }
+    return { addressingMode, senderAlt, recipientAlt };
+}
+async function getDecryptionJid(sender, repository) {
+    if ((0, WABinary_1.isLidUser)(sender) || (0, WABinary_1.isHostedLidUser)(sender)) {
+        return sender;
+    }
+    const mapped = repository.lidMapping ? await repository.lidMapping.getLIDForPN(sender) : null;
+    return mapped || sender;
+}
+exports.getDecryptionJid = getDecryptionJid;
+async function storeMappingFromEnvelope(stanza, sender, repository, decryptionJid, logger) {
+    const { senderAlt } = extractAddressingContext(stanza);
+    if (senderAlt && (0, WABinary_1.isLidUser)(senderAlt) && (0, WABinary_1.isPnUser)(sender) && decryptionJid === sender && repository.lidMapping) {
+        try {
+            await repository.lidMapping.storeLIDPNMappings([{ lid: senderAlt, pn: sender }]);
+            await repository.migrateSession(sender, senderAlt);
+            logger.debug({ sender, senderAlt }, 'stored LID mapping from envelope');
+        }
+        catch (error) {
+            logger.warn({ sender, senderAlt, error }, 'failed to store LID mapping');
+        }
+    }
+}
+/**
+ * Parses the inbound node. When WhatsApp sends both PN and LID, keys use LID as the primary
+ * address (remoteJid / participant) and put PN on *Alt fields, consistent with lidMapping LID↔PN storage.
+ */
+function decodeMessageNode(stanza, meId, meLid) {
+    var _a, _b, _c, _d, _e, _f, _g, _h;
+    let msgType;
+    let chatId;
+    let author;
+    const msgId = stanza.attrs.id;
+    const from = stanza.attrs.from;
+    const senderPn = (_a = stanza === null || stanza === void 0 ? void 0 : stanza.attrs) === null || _a === void 0 ? void 0 : _a.sender_pn;
+    const senderLid = (_b = stanza === null || stanza === void 0 ? void 0 : stanza.attrs) === null || _b === void 0 ? void 0 : _b.sender_lid;
+    const participant = stanza.attrs.participant;
+    const participantLid = (_c = stanza === null || stanza === void 0 ? void 0 : stanza.attrs) === null || _c === void 0 ? void 0 : _c.participant_lid;
+    const recipientLidAttr = (_h = stanza === null || stanza === void 0 ? void 0 : stanza.attrs) === null || _h === void 0 ? void 0 : _h.recipient_lid;
+    const recipient = stanza.attrs.recipient;
+    const addressingContext = extractAddressingContext(stanza);
+    const isMe = (jid) => (0, WABinary_1.areJidsSameUser)(jid, meId);
+    const isMeLid = (jid) => (0, WABinary_1.areJidsSameUser)(jid, meLid);
+    if ((0, WABinary_1.isPnUser)(from) || (0, WABinary_1.isLidUser)(from) || (0, WABinary_1.isHostedLidUser)(from) || (0, WABinary_1.isHostedPnUser)(from)) {
+        if (recipient && !(0, WABinary_1.isJidMetaAi)(recipient)) {
+            if (!isMe(from) && !isMeLid(from)) {
+                throw new boom_1.Boom('receipient present, but msg not from me', { data: stanza });
+            }
+            chatId = recipient;
+        }
+        else {
+            chatId = from;
+        }
+        msgType = 'chat';
+        author = from;
+    }
+    else if ((0, WABinary_1.isJidGroup)(from)) {
+        if (!participant) {
+            throw new boom_1.Boom('No participant in group message');
+        }
+        msgType = 'group';
+        author = participant;
+        chatId = from;
+    }
+    else if ((0, WABinary_1.isJidNewsletter)(from)) {
+        msgType = 'newsletter';
+        author = from;
+        chatId = from;
+    }
+    else if ((0, WABinary_1.isJidBroadcast)(from)) {
+        if (!participant) {
+            throw new boom_1.Boom('No participant in group message');
+        }
+        const isParticipantMe = isMe(participant);
+        if ((0, WABinary_1.isJidStatusBroadcast)(from)) {
+            msgType = isParticipantMe ? 'direct_peer_status' : 'other_status';
+        }
+        else {
+            msgType = isParticipantMe ? 'peer_broadcast' : 'other_broadcast';
+        }
+        chatId = from;
+        author = participant;
+    }
+    else {
+        throw new boom_1.Boom('Unknown message type', { data: stanza });
+    }
+    const fromMe = (0, WABinary_1.isJidNewsletter)(from) ? !!((_d = stanza.attrs) === null || _d === void 0 ? void 0 : _d.is_sender) || false : ((0, WABinary_1.isLidUser)(from) ? isMeLid : isMe)(stanza.attrs.participant || stanza.attrs.from);
+    const pushname = (_e = stanza === null || stanza === void 0 ? void 0 : stanza.attrs) === null || _e === void 0 ? void 0 : _e.notify;
+    let resolvedRemoteJid = chatId;
+    let resolvedRemoteJidAlt = !(0, WABinary_1.isJidGroup)(chatId) ? addressingContext.senderAlt : undefined;
+    let resolvedParticipant = participant;
+    let resolvedParticipantAlt = (0, WABinary_1.isJidGroup)(chatId) ? addressingContext.senderAlt : undefined;
+    if (msgType === 'chat' && !(0, WABinary_1.isJidGroup)(chatId) && !(0, WABinary_1.isJidNewsletter)(chatId) && !(0, WABinary_1.isJidBroadcast)(chatId)) {
+        if ((0, WABinary_1.isPnUser)(chatId) && senderLid && (0, WABinary_1.isLidUser)(senderLid)) {
+            resolvedRemoteJid = senderLid;
+            resolvedRemoteJidAlt = chatId;
+        }
+        else if ((0, WABinary_1.isPnUser)(chatId) && recipientLidAttr && (0, WABinary_1.isLidUser)(recipientLidAttr)) {
+            resolvedRemoteJid = recipientLidAttr;
+            resolvedRemoteJidAlt = chatId;
+        }
+        else if (addressingContext.addressingMode === 'lid' && ((0, WABinary_1.isLidUser)(chatId) || (0, WABinary_1.isHostedLidUser)(chatId))) {
+            resolvedRemoteJid = chatId;
+            resolvedRemoteJidAlt = addressingContext.senderAlt;
+        }
+    }
+    if (msgType === 'group' && (0, WABinary_1.isJidGroup)(chatId) && participant) {
+        if (participantLid && (0, WABinary_1.isLidUser)(participantLid)) {
+            resolvedParticipant = participantLid;
+            resolvedParticipantAlt = (0, WABinary_1.isPnUser)(participant) ? participant : addressingContext.senderAlt;
+        }
+        else if (addressingContext.addressingMode === 'lid' && ((0, WABinary_1.isLidUser)(participant) || (0, WABinary_1.isHostedLidUser)(participant))) {
+            resolvedParticipant = participant;
+            resolvedParticipantAlt = addressingContext.senderAlt;
+        }
+    }
+    let resolvedLidKey = senderLid || participantLid;
+    if (msgType === 'group' && resolvedParticipant && (0, WABinary_1.isLidUser)(resolvedParticipant)) {
+        resolvedLidKey = resolvedParticipant;
+    }
+    else if (msgType === 'chat' && (0, WABinary_1.isLidUser)(resolvedRemoteJid)) {
+        resolvedLidKey = resolvedRemoteJid;
+    }
+    const key = {
+        remoteJid: resolvedRemoteJid,
+        remoteJidAlt: !(0, WABinary_1.isJidGroup)(resolvedRemoteJid) ? resolvedRemoteJidAlt : undefined,
+        fromMe,
+        id: msgId,
+        senderPn,
+        senderLid,
+        lid: resolvedLidKey,
+        participant: resolvedParticipant,
+        participantAlt: (0, WABinary_1.isJidGroup)(resolvedRemoteJid) ? resolvedParticipantAlt : undefined,
+        participantLid,
+        addressingMode: addressingContext.addressingMode,
+        'server_id': (_f = stanza.attrs) === null || _f === void 0 ? void 0 : _f.server_id
+    };
+    const fullMessage = {
+        key,
+        messageTimestamp: +stanza.attrs.t,
+        pushName: pushname,
+        broadcast: (0, WABinary_1.isJidBroadcast)(from)
+    };
+    if (msgType === 'newsletter') {
+        fullMessage.newsletterServerId = +((_g = stanza.attrs) === null || _g === void 0 ? void 0 : _g.server_id);
+    }
+    if (key.fromMe) {
+        fullMessage.status = WAProto_1.proto.WebMessageInfo.Status.SERVER_ACK;
+    }
+    return {
+        fullMessage,
+        author,
+        sender: msgType === 'chat' ? author : chatId
+    };
+}
+const decryptMessageNode = (stanza, meId, meLid, repository, logger) => {
+    const { fullMessage, author, sender } = decodeMessageNode(stanza, meId, meLid);
+    return {
+        fullMessage,
+        category: stanza.attrs.category,
+        author,
+        async decrypt() {
+            var _a;
+            let decryptables = 0;
+            if (Array.isArray(stanza.content)) {
+                for (const { tag, attrs, content } of stanza.content) {
+                    if (tag === 'verified_name' && content instanceof Uint8Array) {
+                        const cert = WAProto_1.proto.VerifiedNameCertificate.decode(content);
+                        const details = WAProto_1.proto.VerifiedNameCertificate.Details.decode(cert.details);
+                        fullMessage.verifiedBizName = details.verifiedName;
+                    }
+                    if (tag === 'unavailable' && attrs.type === 'view_once') {
+                        fullMessage.key.isViewOnce = true;
+                    }
+                    if (tag !== 'enc' && tag !== 'plaintext') {
+                        continue;
+                    }
+                    if (!(content instanceof Uint8Array)) {
+                        continue;
+                    }
+                    decryptables += 1;
+                    let msgBuffer;
+                    try {
+                        const e2eType = tag === 'plaintext' ? 'plaintext' : attrs.type;
+                        switch (e2eType) {
+                            case 'skmsg':
+                                msgBuffer = await repository.decryptGroupMessage({
+                                    group: sender,
+                                    authorJid: author,
+                                    msg: content
+                                });
+                                break;
+                            case 'pkmsg':
+                            case 'msg': {
+                                const decryptionJid = await getDecryptionJid(author, repository);
+                                if (tag !== 'plaintext') {
+                                    await storeMappingFromEnvelope(stanza, author, repository, decryptionJid, logger);
+                                }
+                                msgBuffer = await repository.decryptMessage({
+                                    jid: decryptionJid,
+                                    type: e2eType,
+                                    ciphertext: content
+                                });
+                                break;
+                            }
+                            case 'plaintext':
+                                msgBuffer = content;
+                                break;
+                            case undefined:
+                                msgBuffer = content;
+                                break;
+                            default:
+                                throw new Error(`Unknown e2e type: ${e2eType}`);
+                        }
+                        let msg = WAProto_1.proto.Message.decode(e2eType !== 'plaintext' ? (0, generics_1.unpadRandomMax16)(msgBuffer) : msgBuffer);
+                        msg = ((_a = msg === null || msg === void 0 ? void 0 : msg.deviceSentMessage) === null || _a === void 0 ? void 0 : _a.message) || msg;
+                        if (msg.senderKeyDistributionMessage) {
+                            try {
+                                await repository.processSenderKeyDistributionMessage({
+                                    authorJid: author,
+                                    item: msg.senderKeyDistributionMessage
+                                });
+                            }
+                            catch (err) {
+                                logger.error({ key: fullMessage.key, err }, 'failed to decrypt message');
+                            }
+                        }
+                        if (fullMessage.message) {
+                            Object.assign(fullMessage.message, msg);
+                        }
+                        else {
+                            fullMessage.message = msg;
+                        }
+                    }
+                    catch (err) {
+                        logger.error({ key: fullMessage.key, err }, 'failed to decrypt message');
+                        fullMessage.messageStubType = WAProto_1.proto.WebMessageInfo.StubType.CIPHERTEXT;
+                        fullMessage.messageStubParameters = [err.message];
+                    }
+                }
+            }
+            // if nothing was found to decrypt
+            if (!decryptables) {
+                fullMessage.messageStubType = WAProto_1.proto.WebMessageInfo.StubType.CIPHERTEXT;
+                fullMessage.messageStubParameters = [exports.NO_MESSAGE_FOUND_ERROR_TEXT];
+            }
+        }
+    };
+};
+exports.decryptMessageNode = decryptMessageNode;
+exports.extractAddressingContext = extractAddressingContext;