fca-phantom 1.0.0

package/phantom/core/builder/ignite.js

@@ -0,0 +1,386 @@
+"use strict";
+
+const tools = require("../../datastore/models/matrix/tools");
+const axios = require("axios");
+const path = require("path");
+const fs = require("fs");
+const qs = require("querystring");
+const { normalizeCookieHeaderString, setJarFromPairs } = require("../../datastore/models/matrix/transform/cookieParser");
+const { parseRegion, genTotp } = require("../../datastore/models/matrix/credentials");
+const { generateIdentityByMode, cacheIdentityData } = require("../../datastore/models/matrix/identity");
+
+/**
+ * Orchestrates the full session bootstrap sequence:
+ * cookie injection → page fetch → context assembly → API wiring.
+ *
+ * @param {object}   creds          Cookie state, email/pass, or TOTP bundle.
+ * @param {object}   cfg            Live configuration object.
+ * @param {function} cb             Final node-style callback (err, api).
+ * @param {function} configFn       Reference to the config applicator.
+ * @param {function} forgeFn        Reference to the context forge function.
+ * @param {object}   seedApi        Partially-built API object (may be null).
+ * @param {function} originFn       Facebook URL builder.
+ * @param {string}   errNoIdentity  Error message when identity can't be found.
+ * @returns {Promise<void>}
+ */
+async function ignite(creds, cfg, cb, configFn, forgeFn, seedApi, originFn, errNoIdentity) {
+    let ctx = null;
+    let coreFuncs = null;
+    let api = seedApi;
+
+    const { phantomBanner } = require("../../datastore/models/matrix/tools");
+    phantomBanner();
+
+    try {
+        const jar = tools.getJar();
+        tools.log("phantom-fca", "Initializing session...");
+
+        const mode = cfg.persona || "desktop";
+        const modeSwitched = cfg.cachedPersona && cfg.cachedPersona !== mode;
+
+        if (modeSwitched) {
+            tools.log("phantom-fca", `Identity mode changed ${cfg.cachedPersona} → ${mode}, resetting fingerprint cache`);
+            const desktopKeys = ["cachedUserAgent","cachedSecChUa","cachedSecChUaFullVersionList","cachedSecChUaPlatform","cachedSecChUaPlatformVersion","cachedBrowser"];
+            const androidKeys = ["cachedAndroidUA","cachedAndroidVersion","cachedAndroidDevice","cachedAndroidBuildId","cachedAndroidResolution","cachedAndroidFbav","cachedAndroidFbbv","cachedAndroidLocale","cachedAndroidCarrier"];
+            [...desktopKeys, ...androidKeys, "cachedLocale", "cachedTimezone"].forEach(k => delete cfg[k]);
+        }
+
+        const needsDesktop = mode === "desktop" && !cfg.cachedUserAgent;
+        const needsAndroid = (mode === "android" || mode === "mobile") && !cfg.cachedAndroidUA;
+
+        if (needsDesktop || needsAndroid) {
+            const identity = generateIdentityByMode(mode, cfg);
+            cacheIdentityData(cfg, identity);
+            cfg.cachedPersona = mode;
+            tools.log("phantom-fca", mode === "desktop"
+                ? `Desktop identity initialized (${identity.browser})`
+                : "Android/Orca mobile identity initialized");
+
+            const { getRandomLocale, getRandomTimezone } = require("../../datastore/models/matrix/signals");
+            if (!cfg.cachedLocale)   cfg.cachedLocale   = getRandomLocale();
+            if (!cfg.cachedTimezone) cfg.cachedTimezone = getRandomTimezone();
+
+            try {
+                const { globalShield } = require("../../datastore/models/matrix/ghost");
+                globalShield.lockSessionFingerprint(
+                    identity.userAgent || cfg.cachedAndroidUA,
+                    identity.secChUa || "",
+                    identity.secChUaPlatform || identity.persona || "desktop",
+                    cfg.cachedLocale,
+                    cfg.cachedTimezone
+                );
+            } catch (_) {}
+        } else {
+            tools.log("phantom-fca", mode === "desktop" ? "Using cached desktop identity" : "Using cached Android identity");
+        }
+
+        let sessionCookies = creds.appState;
+
+        if (!sessionCookies && !creds.email && !creds.password) {
+            try {
+                const { hydrateJarFromDB } = require("../../datastore/appState");
+                const restored = await hydrateJarFromDB(jar, null);
+                if (restored) tools.log("phantom-fca", "Session restored from persistent store");
+            } catch (e) {
+                tools.warn("phantom-fca", "Could not restore session from store:", e.message);
+            }
+        }
+
+        if (sessionCookies) {
+            let pairs = [];
+            if (Array.isArray(sessionCookies)) {
+                pairs = sessionCookies.map(c => [c.name || c.key, c.value].join("="));
+            } else if (typeof sessionCookies === "string") {
+                pairs = normalizeCookieHeaderString(sessionCookies);
+                if (!pairs.length) pairs = sessionCookies.split(";").map(s => s.trim()).filter(Boolean);
+            } else {
+                throw new Error("Invalid session format. Provide cookie array or cookie string.");
+            }
+            setJarFromPairs(jar, pairs);
+            tools.log("phantom-fca", "Session cookies injected");
+
+        } else if (creds.email && creds.password) {
+            if (creds.totpSecret) tools.log("phantom-fca", "TOTP secret detected");
+
+            const authEndpoint = "https://api.facebook.com/method/auth.login";
+            const authParams = {
+                access_token: "350685531728|62f8ce9f74b12f84c123cc23437a4a32",
+                format: "json",
+                sdk_version: 2,
+                email: creds.email,
+                locale: "en_US",
+                password: creds.password,
+                generate_session_cookies: 1,
+                sig: "c1c640010993db92e5afd11634ced864",
+            };
+
+            if (creds.totpSecret) {
+                try {
+                    const otp = await genTotp(creds.totpSecret);
+                    authParams.credentials_type = "two_factor";
+                    authParams.twofactor_code = otp;
+                    tools.log("phantom-fca", "2FA token generated");
+                } catch (e) {
+                    tools.warn("phantom-fca", "2FA token generation failed:", e.message);
+                }
+            }
+
+            try {
+                const res = await axios.get(`${authEndpoint}?${qs.stringify(authParams)}`);
+                if (res.status !== 200) throw new Error("Authentication failed");
+                setJarFromPairs(jar, res.data.session_cookies.map(c => `${c.name}=${c.value}`));
+                tools.log("phantom-fca", "Email/password authentication successful");
+            } catch (e) {
+                throw new Error("Authentication failed — check credentials");
+            }
+        } else {
+            throw new Error("No credentials provided. Supply appState cookies or email+password.");
+        }
+
+        if (!api) {
+            api = {
+                setOptions: configFn.bind(null, cfg),
+                getAppState() {
+                    const state = tools.getAppState(jar);
+                    if (!Array.isArray(state)) return [];
+                    const unique = state.filter((item, i, self) => self.findIndex(t => t.key === item.key) === i);
+                    return unique.length > 0 ? unique : state;
+                },
+            };
+        }
+
+        try {
+            const { globalShield } = require("../../datastore/models/matrix/ghost");
+            globalShield.resetCircuitBreaker();
+            globalShield.enableWarmup();
+        } catch (_) {}
+
+        const pageResp = await tools.get(originFn(), jar, null, cfg, { noRef: true }).then(tools.saveCookies(jar));
+
+        const extractBlobs = (html) => {
+            const blobs = [];
+            const re = /<script type="application\/json"[^>]*>(.*?)<\/script>/g;
+            let m;
+            while ((m = re.exec(html)) !== null) {
+                try { blobs.push(JSON.parse(m[1])); } catch (_) {}
+            }
+            return blobs;
+        };
+
+        const netBlobs = extractBlobs(pageResp.body);
+        const [newCtx, newCoreFuncs] = await forgeFn(pageResp.body, jar, netBlobs, cfg, originFn, errNoIdentity);
+        ctx = newCtx;
+        coreFuncs = newCoreFuncs;
+
+        const detectedRegion = parseRegion(pageResp.body);
+        ctx.region = detectedRegion;
+        tools.log("phantom-fca", "Region detected:", detectedRegion);
+
+        try {
+            const { backupAppStateSQL } = require("../../datastore/appState");
+            await backupAppStateSQL(jar, ctx.userID);
+        } catch (e) {
+            tools.warn("phantom-fca", "Session snapshot failed:", e.message);
+        }
+
+        api.message   = new Map();
+        api.timestamp = {};
+
+        const mountDispatch = () => {
+            const dispatchPath = path.join(__dirname, "..", "..", "dispatch");
+            if (!fs.existsSync(dispatchPath)) {
+                tools.error("phantom-fca", "Dispatch directory not found:", dispatchPath);
+                return;
+            }
+            const skipModules = ["deltaProcessor"];
+            fs.readdirSync(dispatchPath)
+                .filter(f => f.endsWith(".js"))
+                .forEach(f => {
+                    const name = path.basename(f, ".js");
+                    if (skipModules.includes(name)) return;
+                    try {
+                        const mod = require(path.join(dispatchPath, f));
+                        if (typeof mod === "function") api[name] = mod(coreFuncs, api, ctx);
+                    } catch (e) {
+                        tools.error("phantom-fca", `Failed to mount dispatch module [${name}]:`, e);
+                    }
+                });
+        };
+
+        api.getCurrentUserID = () => ctx.userID;
+        api.getOptions       = (k) => (k ? cfg[k] : cfg);
+        mountDispatch();
+
+        if (api.nickname && typeof api.nickname === "function") {
+            api.changeNickname = api.nickname;
+        }
+
+        try {
+            const schema    = require("../../datastore/models");
+            const threadsDb = require("../../datastore/threads");
+            const usersDb   = require("../../datastore/users");
+            schema.syncAll().then(() => tools.log("phantom-fca", "Data store synced")).catch(e => tools.warn("phantom-fca", "Data store sync error:", e.message));
+            api.threadData = threadsDb(api);
+            api.userData   = usersDb(api);
+        } catch (e) {
+            tools.warn("phantom-fca", "Data store optional — skipped:", e.message);
+        }
+
+        api.ctx           = ctx;
+        api.defaultFuncs  = coreFuncs;
+        api.globalOptions = cfg;
+
+        const { CycleManager } = require("../../datastore/models/matrix/cycle");
+        if (api._cycleManager) {
+            api._cycleManager.halt();
+        } else {
+            api._cycleManager = new CycleManager();
+        }
+
+        const { globalReviveManager } = require("../../datastore/models/matrix/revive");
+
+        if (cfg.autoReLogin !== false) {
+            globalReviveManager.setCredentials(creds, cfg, cb);
+            tools.log("phantom-fca", "Auto-revive enabled");
+            try { globalReviveManager.updateAppState(api.getAppState()); } catch (_) {}
+
+            api._cycleManager.setExpiryHandler(() => {
+                tools.warn("phantom-fca", "Token cycle expired — triggering revive...");
+                globalReviveManager.handleSessionExpiry(api, originFn(), errNoIdentity);
+            });
+
+            ctx.performAutoLogin = async () => {
+                try {
+                    const r = await globalReviveManager.handleSessionExpiry(api, originFn(), errNoIdentity);
+                    return r !== false;
+                } catch (_) { return false; }
+            };
+        }
+
+        api.disconnect = () => {
+            const fn = require("../../dispatch/logout")(coreFuncs, api, ctx);
+            return fn();
+        };
+
+        const shutdownCleanup = () => {
+            tools.log("phantom-fca", "Graceful shutdown in progress...");
+            if (api._cycleManager)     api._cycleManager.halt();
+            if (globalReviveManager)   { globalReviveManager.stopSessionMonitoring(); globalReviveManager.disable(); }
+            if (ctx.mqttClient?.end)   { try { ctx.mqttClient.end(true); } catch (_) {} }
+            if (ctx._emitter)          ctx._emitter.removeAllListeners();
+            ["_mqttWatchdog","_autoCycleTimer","_periodicBackupInterval"].forEach(k => { if (ctx[k]) clearInterval(ctx[k]); });
+            ["_tmsTimeout","_reconnectTimer"].forEach(k => { if (ctx[k]) clearTimeout(ctx[k]); });
+            tools.log("phantom-fca", "Shutdown complete");
+        };
+
+        if (!process._phantomCleanupRegistered) {
+            process._phantomCleanupRegistered = true;
+            process.on("exit",             () => shutdownCleanup());
+            process.on("SIGINT",           () => { shutdownCleanup(); process.exit(0); });
+            process.on("SIGTERM",          () => { shutdownCleanup(); process.exit(0); });
+            process.on("uncaughtException", (err) => { tools.error("phantom-fca", err.message); shutdownCleanup(); process.exit(1); });
+            process.on("unhandledRejection",(r)   => tools.error("phantom-fca", String(r?.message ?? r)));
+        }
+
+        if (ctx._periodicBackupInterval) clearInterval(ctx._periodicBackupInterval);
+        ctx._periodicBackupInterval = setInterval(async () => {
+            try {
+                const { backupAppStateSQL } = require("../../datastore/appState");
+                await backupAppStateSQL(jar, ctx.userID);
+            } catch (_) {}
+        }, 15 * 60 * 1000);
+
+        api._cycleManager.startAutoRefresh(ctx, coreFuncs, originFn());
+
+        api.refreshTokens        = () => api._cycleManager.refreshTokens(ctx, coreFuncs, originFn());
+        api.getCycleStatus       = () => api._cycleManager.getStatus();
+
+        api.getHealthStatus = () => {
+            const mqttOk = !!(ctx.mqttClient?.connected);
+            let rateStats = null;
+            try { const { getRateLimiterStats } = require("../../datastore/models/matrix/gate"); rateStats = getRateLimiterStats(); } catch (_) {}
+            return {
+                mqttConnected: mqttOk,
+                autoReconnect: !!cfg.autoReconnect,
+                tokenCycle: {
+                    lastRefresh:  api._cycleManager.lastRefresh,
+                    nextRefresh:  api._cycleManager.getTimeUntilNextRefresh(),
+                    failureCount: api._cycleManager.getFailureCount(),
+                },
+                autoRevive: {
+                    enabled:           globalReviveManager.isEnabled(),
+                    sessionMonitoring: !!globalReviveManager.sessionMonitorInterval,
+                },
+                rateLimiter: rateStats,
+            };
+        };
+
+        api.enableAutoRevive   = (on = true) => on
+            ? globalReviveManager.setCredentials(creds, cfg, cb)
+            : globalReviveManager.disable();
+        api.isAutoReviveActive = () => globalReviveManager.isEnabled();
+
+        api.isSessionAlive = () => new Promise(async (resolve) => {
+            try {
+                const probe = { noRef: true, _skipSessionInspect: true };
+                const r = await tools.get(
+                    "https://www.facebook.com/ajax/presence/reconnect.php?reason=14&fb_dtsg_ag=&__a=1",
+                    ctx.jar, null, ctx.globalOptions, probe
+                );
+                const html = r.body || "";
+                const isLoginWall =
+                    html.includes('<form id="login_form"') ||
+                    html.includes('id="loginbutton"')      ||
+                    html.includes('"login_page"')          ||
+                    html.includes('action="/login.php');
+                if (isLoginWall) return resolve(false);
+
+                if (html.includes('"checkpoint"') && html.includes('"flow_type"')) {
+                    try {
+                        const { globalShield } = require("../../datastore/models/matrix/ghost");
+                        globalShield.tripCircuitBreaker("checkpoint_detected", 60 * 60 * 1000);
+                    } catch (_) {}
+                    return resolve(false);
+                }
+                resolve(!!(ctx.fb_dtsg && ctx.fb_dtsg.length > 10));
+            } catch (err) {
+                const msg  = err.message || String(err);
+                const code = err.code    || "";
+                const NET  = ["ECONNRESET","ETIMEDOUT","ECONNREFUSED","ENETUNREACH","EHOSTUNREACH","EAI_AGAIN","ENOTFOUND","ESOCKETTIMEDOUT"];
+                if (NET.some(c => code === c || msg.includes(c)) || msg.includes("socket hang up") || msg.includes("connect ETIMEDOUT")) {
+                    tools.warn("phantom-fca", "Session probe — transient network issue, treating as valid");
+                    return resolve("network_error");
+                }
+                tools.error("phantom-fca", "Session probe failed:", msg);
+                resolve(false);
+            }
+        });
+
+        if (cfg.autoReLogin !== false) {
+            try {
+                const { globalReviveManager: rm } = require("../../datastore/models/matrix/revive");
+                rm.startSessionMonitoring(api);
+                tools.log("phantom-fca", "Session watchdog started");
+            } catch (_) {}
+        }
+
+        try {
+            const { globalShield } = require("../../datastore/models/matrix/ghost");
+            api.shield = {
+                getStatus:    ()  => globalShield.getStatus(),
+                reset:        ()  => globalShield.resetCircuitBreaker(),
+                addDelay:     ()  => globalShield.addSmartDelay(),
+                setDailyLimit:(n) => globalShield.setDailyLimit(n),
+                getBehavior:  ()  => globalShield.getBehaviorProfile(),
+            };
+        } catch (_) {}
+
+        cb(null, api);
+
+    } catch (err) {
+        tools.error("phantom-fca", "Session launch error:", err.message || err);
+        cb(err);
+    }
+}
+
+module.exports = ignite;

package/phantom/core/builder/options.js

@@ -0,0 +1,61 @@
+"use strict";
+
+const tools = require("../../datastore/models/matrix/tools");
+
+async function applyConfig(cfg, patch = {}) {
+    const handlers = {
+        online:              (v) => (cfg.online = Boolean(v)),
+        selfListen:          (v) => (cfg.selfListen = Boolean(v)),
+        selfListenEvent:     (v) => (cfg.selfListenEvent = v),
+        listenEvents:        (v) => (cfg.listenEvents = Boolean(v)),
+        updatePresence:      (v) => (cfg.updatePresence = Boolean(v)),
+        forceLogin:          (v) => (cfg.forceLogin = Boolean(v)),
+        userAgent:           (v) => (cfg.userAgent = v),
+        autoMarkDelivery:    (v) => (cfg.autoMarkDelivery = Boolean(v)),
+        autoMarkRead:        (v) => (cfg.autoMarkRead = Boolean(v)),
+        listenTyping:        (v) => (cfg.listenTyping = Boolean(v)),
+        autoReconnect:       (v) => (cfg.autoReconnect = Boolean(v)),
+        emitReady:           (v) => (cfg.emitReady = Boolean(v)),
+        simulateTyping:      (v) => (cfg.simulateTyping = Boolean(v)),
+        autoReLogin:         (v) => (cfg.autoReLogin = Boolean(v)),
+        persona:             (v) => (cfg.persona = ["desktop","android","mobile"].includes(v) ? v : "desktop"),
+        logLevel:            (v) => (cfg.logLevel = v),
+        sessionPersist:      (v) => (cfg.sessionPersist = Boolean(v)),
+        proxy(v) {
+            if (typeof v !== "string") { delete cfg.proxy; tools.setProxy(); }
+            else { cfg.proxy = v; tools.setProxy(v); }
+        },
+        randomUserAgent(v) {
+            cfg.randomUserAgent = Boolean(v);
+            if (v) cfg.userAgent = tools.randomUserAgent?.() || cfg.userAgent;
+        },
+        bypassRegion(v) { cfg.bypassRegion = v ? v.toUpperCase() : v; },
+        maxConcurrentRequests(v) {
+            if (typeof v === "number") { cfg.maxConcurrentRequests = Math.floor(v); tools.configureRateLimiter({ maxConcurrentRequests: cfg.maxConcurrentRequests }); }
+        },
+        maxRequestsPerMinute(v) {
+            if (typeof v === "number") { cfg.maxRequestsPerMinute = Math.floor(v); tools.configureRateLimiter({ maxRequestsPerMinute: cfg.maxRequestsPerMinute }); }
+        },
+        requestCooldownMs(v) {
+            if (typeof v === "number") { cfg.requestCooldownMs = Math.floor(v); tools.configureRateLimiter({ requestCooldownMs: cfg.requestCooldownMs }); }
+        },
+        errorCacheTtlMs(v) {
+            if (typeof v === "number") { cfg.errorCacheTtlMs = Math.floor(v); tools.configureRateLimiter({ errorCacheTtlMs: cfg.errorCacheTtlMs }); }
+        },
+        stealthMode(v) {
+            cfg.stealthMode = Boolean(v);
+            if (v) {
+                cfg.updatePresence = false;
+                cfg.online         = false;
+                cfg.simulateTyping = false;
+                tools.configureRateLimiter({ maxConcurrentRequests: 2, maxRequestsPerMinute: 60 });
+            }
+        },
+    };
+
+    for (const [key, val] of Object.entries(patch)) {
+        if (handlers[key]) handlers[key](val);
+    }
+}
+
+module.exports = applyConfig;

package/phantom/core/engine.js

@@ -0,0 +1,71 @@
+"use strict";
+
+const tools       = require("../datastore/models/matrix/tools");
+const applyConfig = require("./builder/options");
+const assembleAPI = require("./builder/forge");
+const igniteSession = require("./builder/bootstrap");
+
+let _globalCfg = {};
+let _ctx       = null;
+let _coreFuncs = null;
+let _client    = null;
+
+const origin = (ext) => "https://www.facebook.com" + (ext ? "/" + ext : "");
+
+const ERR_NO_IDENTITY =
+    "Unable to retrieve account identity. This may be caused by IP blocks, checkpoint walls, or invalid session cookies. Try re-authenticating via a browser first.";
+
+const DEFAULTS = {
+    selfListen:        false,
+    listenEvents:      true,
+    listenTyping:      false,
+    simulateTyping:    true,
+    updatePresence:    false,
+    forceLogin:        false,
+    autoMarkDelivery:  false,
+    autoMarkRead:      true,
+    autoReconnect:     true,
+    online:            true,
+    emitReady:         false,
+    persona:           "desktop",
+    autoReLogin:       true,
+    sessionPersist:    true,
+    userAgent:
+        "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36",
+};
+
+async function connect(creds, opts, cb) {
+    if (typeof opts === "function") { cb = opts; opts = {}; }
+
+    let resolve, reject, promise;
+    if (typeof cb !== "function") {
+        promise = new Promise((res, rej) => { resolve = res; reject = rej; });
+        cb = (err, api) => (err ? reject(err) : resolve(api));
+    }
+
+    if (opts && "logging" in opts) tools.logOptions?.(opts.logging);
+
+    Object.assign(_globalCfg, DEFAULTS, opts);
+    await applyConfig(_globalCfg, opts || {});
+
+    igniteSession(
+        creds,
+        _globalCfg,
+        (err, sessionApi) => {
+            if (err) return cb(err);
+            _client    = sessionApi;
+            _ctx       = sessionApi.ctx;
+            _coreFuncs = sessionApi.defaultFuncs;
+            return cb(null, sessionApi);
+        },
+        applyConfig,
+        assembleAPI,
+        _client,
+        origin,
+        ERR_NO_IDENTITY
+    );
+
+    return promise;
+}
+
+module.exports = { connect };

package/phantom/core/reactor.js

@@ -0,0 +1,2 @@
+"use strict";
+module.exports = require("./engine");

package/phantom/datastore/appState.js

@@ -0,0 +1,2 @@
+"use strict";
+module.exports = require("./session");

package/phantom/datastore/appStateBackup.js

@@ -0,0 +1,34 @@
+"use strict";
+
+const { backupAppStateSQL } = require("./session");
+
+let _backupTimer = null;
+const DEFAULT_INTERVAL_MS = 5 * 60 * 1000;
+
+function startAutoBackup(jar, userID, intervalMs = DEFAULT_INTERVAL_MS) {
+    if (_backupTimer) clearInterval(_backupTimer);
+    _backupTimer = setInterval(async () => {
+        try {
+            await backupAppStateSQL(jar, userID);
+        } catch (_) {}
+    }, intervalMs);
+    if (_backupTimer.unref) _backupTimer.unref();
+    return _backupTimer;
+}
+
+function stopAutoBackup() {
+    if (_backupTimer) {
+        clearInterval(_backupTimer);
+        _backupTimer = null;
+    }
+}
+
+function isRunning() {
+    return _backupTimer !== null;
+}
+
+module.exports = {
+    startAutoBackup,
+    stopAutoBackup,
+    isRunning,
+};

package/phantom/datastore/models/cipher/e2ee.js

@@ -0,0 +1,48 @@
+"use strict";
+
+const crypto = require("crypto");
+
+class PhantomCipher {
+    constructor(algo = "aes-256-gcm") {
+        this._algo = algo;
+        this._keyLen = 32;
+    }
+
+    generateKey() { return crypto.randomBytes(this._keyLen); }
+
+    encrypt(text, key) {
+        const iv    = crypto.randomBytes(12);
+        const cipher= crypto.createCipheriv(this._algo, key, iv);
+        const enc   = Buffer.concat([cipher.update(text, "utf8"), cipher.final()]);
+        const tag   = cipher.getAuthTag();
+        return Buffer.concat([iv, tag, enc]).toString("base64url");
+    }
+
+    decrypt(data, key) {
+        const buf   = Buffer.from(data, "base64url");
+        const iv    = buf.slice(0, 12);
+        const tag   = buf.slice(12, 28);
+        const enc   = buf.slice(28);
+        const decipher = crypto.createDecipheriv(this._algo, key, iv);
+        decipher.setAuthTag(tag);
+        return Buffer.concat([decipher.update(enc), decipher.final()]).toString("utf8");
+    }
+
+    deriveKey(passphrase, salt = null) {
+        const s = salt || crypto.randomBytes(16);
+        const key = crypto.scryptSync(passphrase, s, this._keyLen);
+        return { key, salt: s.toString("hex") };
+    }
+
+    hash(data, algo = "sha256") {
+        return crypto.createHash(algo).update(data).digest("hex");
+    }
+
+    hmac(data, key, algo = "sha256") {
+        return crypto.createHmac(algo, key).update(data).digest("hex");
+    }
+}
+
+const globalCipher = new PhantomCipher();
+
+module.exports = { PhantomCipher, globalCipher };