jagproject 26.3.23 → 26.3.26

package/lib/Signal/libsignal.js

@@ -34,102 +34,406 @@ var __importStar = (this && this.__importStar) || (function () {
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.makeLibSignalRepository = makeLibSignalRepository;
+// @ts-ignore
 const libsignal = __importStar(require("libsignal"));
-const Utils_1 = require("../Utils");
-const WABinary_1 = require("../WABinary");
-const sender_key_name_1 = require("./Group/sender-key-name");
-const sender_key_record_1 = require("./Group/sender-key-record");
-const Group_1 = require("./Group");
-function makeLibSignalRepository(auth) {
-    const storage = signalStorage(auth);
-    return {
+// @ts-ignore
+const protobufs_js_1 = require("libsignal/src/protobufs.js");
+const lru_cache_1 = require("lru-cache");
+// ── Suppress libsignal "Closing session: SessionEntry {...}" noise ────────────
+// ES module imports di-hoist, jadi suppressor harus dipasang setelah semua import.
+// Cara paling efektif: patch console + process.stdout setelah module loaded.
+;
+(function _suppressSessionNoise() {
+    const _isNoise = (...args) => {
+        if (typeof args[0] === 'string') {
+            const s = args[0];
+            if (s.startsWith('Closing session') || s.includes('SessionEntry') ||
+                s.includes('pendingPreKey') || s.includes('currentRatchet') ||
+                s.includes('registrationId:') || s.includes('indexInfo:'))
+                return true;
+        }
+        if (args[1] && typeof args[1] === 'object' &&
+            args[1]?.constructor?.name === 'SessionEntry')
+            return true;
+        if (typeof args[0] === 'object' &&
+            args[0]?.constructor?.name === 'SessionEntry')
+            return true;
+        return false;
+    };
+    const _wrapFn = (orig) => (...args) => { if (_isNoise(...args))
+        return; orig(...args); };
+    console.log = _wrapFn(console.log.bind(console));
+    console.warn = _wrapFn(console.warn.bind(console));
+    console.info = _wrapFn(console.info.bind(console));
+    // Intercept process.stdout.write untuk kasus libsignal bypass console
+    const _origWrite = process.stdout.write.bind(process.stdout);
+    process.stdout.write = function (chunk, ...rest) {
+        if (typeof chunk === 'string' && (chunk.includes('Closing session') || chunk.includes('SessionEntry') ||
+            chunk.includes('pendingPreKey') || chunk.includes('currentRatchet')))
+            return true;
+        return _origWrite(chunk, ...rest);
+    };
+})();
+// ─────────────────────────────────────────────────────────────────────────────
+const index_js_1 = require("../Utils/index.js");
+const index_js_2 = require("../WABinary/index.js");
+const sender_key_name_js_1 = require("./Group/sender-key-name.js");
+const sender_key_record_js_1 = require("./Group/sender-key-record.js");
+const index_js_3 = require("./Group/index.js");
+const lid_mapping_js_1 = require("./lid-mapping.js");
+/** Extract identity key from PreKeyWhisperMessage for identity change detection */
+function extractIdentityFromPkmsg(ciphertext) {
+    try {
+        if (!ciphertext || ciphertext.length < 2) {
+            return undefined;
+        }
+        // Version byte check (version 3)
+        const version = ciphertext[0];
+        if ((version & 0xf) !== 3) {
+            return undefined;
+        }
+        // Parse protobuf (skip version byte)
+        const preKeyProto = protobufs_js_1.PreKeyWhisperMessage.decode(ciphertext.slice(1));
+        if (preKeyProto.identityKey?.length === 33) {
+            return new Uint8Array(preKeyProto.identityKey);
+        }
+        return undefined;
+    }
+    catch {
+        return undefined;
+    }
+}
+function makeLibSignalRepository(auth, logger, pnToLIDFunc) {
+    const lidMapping = new lid_mapping_js_1.LIDMappingStore(auth.keys, logger, pnToLIDFunc);
+    const storage = signalStorage(auth, lidMapping);
+    const parsedKeys = auth.keys;
+    const migratedSessionCache = new lru_cache_1.LRUCache({
+        ttl: 3 * 24 * 60 * 60 * 1000, // 7 days
+        ttlAutopurge: true,
+        updateAgeOnGet: true
+    });
+    const repository = {
         decryptGroupMessage({ group, authorJid, msg }) {
             const senderName = jidToSignalSenderKeyName(group, authorJid);
-            const cipher = new Group_1.GroupCipher(storage, senderName);
-            return cipher.decrypt(msg);
+            const cipher = new index_js_3.GroupCipher(storage, senderName);
+            // Use transaction to ensure atomicity
+            return parsedKeys.transaction(async () => {
+                return cipher.decrypt(msg);
+            }, group);
         },
         async processSenderKeyDistributionMessage({ item, authorJid }) {
-            const builder = new Group_1.GroupSessionBuilder(storage);
+            const builder = new index_js_3.GroupSessionBuilder(storage);
             if (!item.groupId) {
                 throw new Error('Group ID is required for sender key distribution message');
             }
             const senderName = jidToSignalSenderKeyName(item.groupId, authorJid);
-            const senderMsg = new Group_1.SenderKeyDistributionMessage(null, null, null, null, item.axolotlSenderKeyDistributionMessage);
+            const senderMsg = new index_js_3.SenderKeyDistributionMessage(null, null, null, null, item.axolotlSenderKeyDistributionMessage);
             const senderNameStr = senderName.toString();
             const { [senderNameStr]: senderKey } = await auth.keys.get('sender-key', [senderNameStr]);
             if (!senderKey) {
-                await storage.storeSenderKey(senderName, new sender_key_record_1.SenderKeyRecord());
+                await storage.storeSenderKey(senderName, new sender_key_record_js_1.SenderKeyRecord());
             }
-            await builder.process(senderName, senderMsg);
+            return parsedKeys.transaction(async () => {
+                const { [senderNameStr]: senderKey } = await auth.keys.get('sender-key', [senderNameStr]);
+                if (!senderKey) {
+                    await storage.storeSenderKey(senderName, new sender_key_record_js_1.SenderKeyRecord());
+                }
+                await builder.process(senderName, senderMsg);
+            }, item.groupId);
         },
         async decryptMessage({ jid, type, ciphertext }) {
             const addr = jidToSignalProtocolAddress(jid);
             const session = new libsignal.SessionCipher(storage, addr);
-            let result;
-            switch (type) {
-                case 'pkmsg':
-                    result = await session.decryptPreKeyWhisperMessage(ciphertext);
-                    break;
-                case 'msg':
-                    result = await session.decryptWhisperMessage(ciphertext);
-                    break;
-                default:
-                    throw new Error(`Unknown message type: ${type}`);
-            }
-            return result;
+            // Extract and save sender's identity key before decryption for identity change detection
+            if (type === 'pkmsg') {
+                const identityKey = extractIdentityFromPkmsg(ciphertext);
+                if (identityKey) {
+                    const addrStr = addr.toString();
+                    const identityChanged = await storage.saveIdentity(addrStr, identityKey);
+                    if (identityChanged) {
+                        logger.info({ jid, addr: addrStr }, 'identity key changed or new contact, session will be re-established');
+                    }
+                }
+            }
+            async function doDecrypt() {
+                let result;
+                try {
+                    switch (type) {
+                        case 'pkmsg':
+                            result = await session.decryptPreKeyWhisperMessage(ciphertext);
+                            break;
+                        case 'msg':
+                            result = await session.decryptWhisperMessage(ciphertext);
+                            break;
+                    }
+                }
+                finally {
+                }
+                return result;
+            }
+            // If it's not a sync message, we need to ensure atomicity
+            // For regular messages, we use a transaction to ensure atomicity
+            return parsedKeys.transaction(async () => {
+                return await doDecrypt();
+            }, jid);
         },
         async encryptMessage({ jid, data }) {
             const addr = jidToSignalProtocolAddress(jid);
             const cipher = new libsignal.SessionCipher(storage, addr);
-            const { type: sigType, body } = await cipher.encrypt(data);
-            const type = sigType === 3 ? 'pkmsg' : 'msg';
-            return { type, ciphertext: Buffer.from(body, 'binary') };
+            // Use transaction to ensure atomicity
+            return parsedKeys.transaction(async () => {
+                const { type: sigType, body } = await cipher.encrypt(data);
+                const type = sigType === 3 ? 'pkmsg' : 'msg';
+                return { type, ciphertext: Buffer.from(body, 'binary') };
+            }, jid);
         },
         async encryptGroupMessage({ group, meId, data }) {
             const senderName = jidToSignalSenderKeyName(group, meId);
-            const builder = new Group_1.GroupSessionBuilder(storage);
+            const builder = new index_js_3.GroupSessionBuilder(storage);
             const senderNameStr = senderName.toString();
-            const { [senderNameStr]: senderKey } = await auth.keys.get('sender-key', [senderNameStr]);
-            if (!senderKey) {
-                await storage.storeSenderKey(senderName, new sender_key_record_1.SenderKeyRecord());
-            }
-            const senderKeyDistributionMessage = await builder.create(senderName);
-            const session = new Group_1.GroupCipher(storage, senderName);
-            const ciphertext = await session.encrypt(data);
-            return {
-                ciphertext,
-                senderKeyDistributionMessage: senderKeyDistributionMessage.serialize()
-            };
+            return parsedKeys.transaction(async () => {
+                const { [senderNameStr]: senderKey } = await auth.keys.get('sender-key', [senderNameStr]);
+                if (!senderKey) {
+                    await storage.storeSenderKey(senderName, new sender_key_record_js_1.SenderKeyRecord());
+                }
+                const senderKeyDistributionMessage = await builder.create(senderName);
+                const session = new index_js_3.GroupCipher(storage, senderName);
+                const ciphertext = await session.encrypt(data);
+                return {
+                    ciphertext,
+                    senderKeyDistributionMessage: senderKeyDistributionMessage.serialize()
+                };
+            }, group);
         },
         async injectE2ESession({ jid, session }) {
+            logger.trace({ jid }, 'injecting E2EE session');
             const cipher = new libsignal.SessionBuilder(storage, jidToSignalProtocolAddress(jid));
-            await cipher.initOutgoing(session);
+            return parsedKeys.transaction(async () => {
+                await cipher.initOutgoing(session);
+            }, jid);
         },
         jidToSignalProtocolAddress(jid) {
             return jidToSignalProtocolAddress(jid).toString();
+        },
+        // Optimized direct access to LID mapping store
+        lidMapping,
+        async validateSession(jid) {
+            try {
+                const addr = jidToSignalProtocolAddress(jid);
+                const session = await storage.loadSession(addr.toString());
+                if (!session) {
+                    return { exists: false, reason: 'no session' };
+                }
+                if (!session.haveOpenSession()) {
+                    return { exists: false, reason: 'no open session' };
+                }
+                return { exists: true };
+            }
+            catch (error) {
+                return { exists: false, reason: 'validation error' };
+            }
+        },
+        async deleteSession(jids) {
+            if (!jids.length)
+                return;
+            // Convert JIDs to signal addresses and prepare for bulk deletion
+            const sessionUpdates = {};
+            jids.forEach(jid => {
+                const addr = jidToSignalProtocolAddress(jid);
+                sessionUpdates[addr.toString()] = null;
+            });
+            // Single transaction for all deletions
+            return parsedKeys.transaction(async () => {
+                await auth.keys.set({ session: sessionUpdates });
+            }, `delete-${jids.length}-sessions`);
+        },
+        async migrateSession(fromJid, toJid) {
+            // TODO: use usync to handle this entire mess
+            if (!fromJid || (!(0, index_js_2.isLidUser)(toJid) && !(0, index_js_2.isHostedLidUser)(toJid)))
+                return { migrated: 0, skipped: 0, total: 0 };
+            // Only support PN to LID migration
+            if (!(0, index_js_2.isPnUser)(fromJid) && !(0, index_js_2.isHostedPnUser)(fromJid)) {
+                return { migrated: 0, skipped: 0, total: 1 };
+            }
+            const { user } = (0, index_js_2.jidDecode)(fromJid);
+            logger.debug({ fromJid }, 'bulk device migration - loading all user devices');
+            // Get user's device list from storage
+            const { [user]: userDevices } = await parsedKeys.get('device-list', [user]);
+            if (!userDevices) {
+                return { migrated: 0, skipped: 0, total: 0 };
+            }
+            const { device: fromDevice } = (0, index_js_2.jidDecode)(fromJid);
+            const fromDeviceStr = fromDevice?.toString() || '0';
+            if (!userDevices.includes(fromDeviceStr)) {
+                userDevices.push(fromDeviceStr);
+            }
+            // Filter out cached devices before database fetch
+            const uncachedDevices = userDevices.filter(device => {
+                const deviceKey = `${user}.${device}`;
+                return !migratedSessionCache.has(deviceKey);
+            });
+            // Bulk check session existence only for uncached devices
+            const deviceSessionKeys = uncachedDevices.map(device => `${user}.${device}`);
+            const existingSessions = await parsedKeys.get('session', deviceSessionKeys);
+            // Step 3: Convert existing sessions to JIDs (only migrate sessions that exist)
+            const deviceJids = [];
+            for (const [sessionKey, sessionData] of Object.entries(existingSessions)) {
+                if (sessionData) {
+                    // Session exists in storage
+                    const deviceStr = sessionKey.split('.')[1];
+                    if (!deviceStr)
+                        continue;
+                    const deviceNum = parseInt(deviceStr);
+                    let jid = deviceNum === 0 ? `${user}@s.whatsapp.net` : `${user}:${deviceNum}@s.whatsapp.net`;
+                    if (deviceNum === 99) {
+                        jid = `${user}:99@hosted`;
+                    }
+                    deviceJids.push(jid);
+                }
+            }
+            logger.debug({
+                fromJid,
+                totalDevices: userDevices.length,
+                devicesWithSessions: deviceJids.length,
+                devices: deviceJids
+            }, 'bulk device migration complete - all user devices processed');
+            // Single transaction for all migrations
+            return parsedKeys.transaction(async () => {
+                const migrationOps = deviceJids.map(jid => {
+                    const lidWithDevice = (0, index_js_2.transferDevice)(jid, toJid);
+                    const fromDecoded = (0, index_js_2.jidDecode)(jid);
+                    const toDecoded = (0, index_js_2.jidDecode)(lidWithDevice);
+                    return {
+                        fromJid: jid,
+                        toJid: lidWithDevice,
+                        pnUser: fromDecoded.user,
+                        lidUser: toDecoded.user,
+                        deviceId: fromDecoded.device || 0,
+                        fromAddr: jidToSignalProtocolAddress(jid),
+                        toAddr: jidToSignalProtocolAddress(lidWithDevice)
+                    };
+                });
+                const totalOps = migrationOps.length;
+                let migratedCount = 0;
+                // Bulk fetch PN sessions - already exist (verified during device discovery)
+                const pnAddrStrings = Array.from(new Set(migrationOps.map(op => op.fromAddr.toString())));
+                const pnSessions = await parsedKeys.get('session', pnAddrStrings);
+                // Prepare bulk session updates (PN → LID migration + deletion)
+                const sessionUpdates = {};
+                for (const op of migrationOps) {
+                    const pnAddrStr = op.fromAddr.toString();
+                    const lidAddrStr = op.toAddr.toString();
+                    const pnSession = pnSessions[pnAddrStr];
+                    if (pnSession) {
+                        // Session exists (guaranteed from device discovery)
+                        const fromSession = libsignal.SessionRecord.deserialize(pnSession);
+                        if (fromSession.haveOpenSession()) {
+                            // Queue for bulk update: copy to LID, delete from PN
+                            sessionUpdates[lidAddrStr] = fromSession.serialize();
+                            sessionUpdates[pnAddrStr] = null;
+                            migratedCount++;
+                        }
+                    }
+                }
+                // Single bulk session update for all migrations
+                if (Object.keys(sessionUpdates).length > 0) {
+                    await parsedKeys.set({ session: sessionUpdates });
+                    logger.debug({ migratedSessions: migratedCount }, 'bulk session migration complete');
+                    // Cache device-level migrations
+                    for (const op of migrationOps) {
+                        if (sessionUpdates[op.toAddr.toString()]) {
+                            const deviceKey = `${op.pnUser}.${op.deviceId}`;
+                            migratedSessionCache.set(deviceKey, true);
+                        }
+                    }
+                }
+                const skippedCount = totalOps - migratedCount;
+                return { migrated: migratedCount, skipped: skippedCount, total: totalOps };
+            }, `migrate-${deviceJids.length}-sessions-${(0, index_js_2.jidDecode)(toJid)?.user}`);
         }
     };
+    return repository;
 }
 const jidToSignalProtocolAddress = (jid) => {
-    const { user, device } = (0, WABinary_1.jidDecode)(jid);
-    return new libsignal.ProtocolAddress(user, device || 0);
+    const decoded = (0, index_js_2.jidDecode)(jid);
+    const { user, device, server, domainType } = decoded;
+    if (!user) {
+        throw new Error(`JID decoded but user is empty: "${jid}" -> user: "${user}", server: "${server}", device: ${device}`);
+    }
+    const signalUser = domainType !== index_js_2.WAJIDDomains.WHATSAPP ? `${user}_${domainType}` : user;
+    const finalDevice = device || 0;
+    if (device === 99 && decoded.server !== 'hosted' && decoded.server !== 'hosted.lid') {
+        throw new Error('Unexpected non-hosted device JID with device 99. This ID seems invalid. ID:' + jid);
+    }
+    return new libsignal.ProtocolAddress(signalUser, finalDevice);
 };
 const jidToSignalSenderKeyName = (group, user) => {
-    return new sender_key_name_1.SenderKeyName(group, jidToSignalProtocolAddress(user));
+    return new sender_key_name_js_1.SenderKeyName(group, jidToSignalProtocolAddress(user));
 };
-function signalStorage({ creds, keys }) {
+function signalStorage({ creds, keys }, lidMapping) {
+    // Shared function to resolve PN signal address to LID if mapping exists
+    const resolveLIDSignalAddress = async (id) => {
+        if (id.includes('.')) {
+            const [deviceId, device] = id.split('.');
+            const [user, domainType_] = deviceId.split('_');
+            const domainType = parseInt(domainType_ || '0');
+            if (domainType === index_js_2.WAJIDDomains.LID || domainType === index_js_2.WAJIDDomains.HOSTED_LID)
+                return id;
+            const pnJid = `${user}${device !== '0' ? `:${device}` : ''}@${domainType === index_js_2.WAJIDDomains.HOSTED ? 'hosted' : 's.whatsapp.net'}`;
+            const lidForPN = await lidMapping.getLIDForPN(pnJid);
+            if (lidForPN) {
+                const lidAddr = jidToSignalProtocolAddress(lidForPN);
+                return lidAddr.toString();
+            }
+        }
+        return id;
+    };
     return {
         loadSession: async (id) => {
-            const { [id]: sess } = await keys.get('session', [id]);
-            if (sess) {
-                return libsignal.SessionRecord.deserialize(sess);
+            try {
+                const wireJid = await resolveLIDSignalAddress(id);
+                const { [wireJid]: sess } = await keys.get('session', [wireJid]);
+                if (sess) {
+                    return libsignal.SessionRecord.deserialize(sess);
+                }
+            }
+            catch (e) {
+                return null;
             }
+            return null;
         },
         storeSession: async (id, session) => {
-            await keys.set({ session: { [id]: session.serialize() } });
+            const wireJid = await resolveLIDSignalAddress(id);
+            await keys.set({ session: { [wireJid]: session.serialize() } });
         },
         isTrustedIdentity: () => {
-            return true;
+            return true; // TOFU - Trust on First Use (same as WhatsApp Web)
+        },
+        loadIdentityKey: async (id) => {
+            const wireJid = await resolveLIDSignalAddress(id);
+            const { [wireJid]: key } = await keys.get('identity-key', [wireJid]);
+            return key || undefined;
+        },
+        saveIdentity: async (id, identityKey) => {
+            const wireJid = await resolveLIDSignalAddress(id);
+            const { [wireJid]: existingKey } = await keys.get('identity-key', [wireJid]);
+            const keysMatch = existingKey &&
+                existingKey.length === identityKey.length &&
+                existingKey.every((byte, i) => byte === identityKey[i]);
+            if (existingKey && !keysMatch) {
+                // Identity changed - clear session and update key
+                await keys.set({
+                    session: { [wireJid]: null },
+                    'identity-key': { [wireJid]: identityKey }
+                });
+                return true;
+            }
+            if (!existingKey) {
+                // New contact - Trust on First Use (TOFU)
+                await keys.set({ 'identity-key': { [wireJid]: identityKey } });
+                return true;
+            }
+            return false;
         },
         loadPreKey: async (id) => {
             const keyId = id.toString();
@@ -153,9 +457,9 @@ function signalStorage({ creds, keys }) {
             const keyId = senderKeyName.toString();
             const { [keyId]: key } = await keys.get('sender-key', [keyId]);
             if (key) {
-                return sender_key_record_1.SenderKeyRecord.deserialize(key);
+                return sender_key_record_js_1.SenderKeyRecord.deserialize(key);
             }
-            return new sender_key_record_1.SenderKeyRecord();
+            return new sender_key_record_js_1.SenderKeyRecord();
         },
         storeSenderKey: async (senderKeyName, key) => {
             const keyId = senderKeyName.toString();
@@ -167,7 +471,7 @@ function signalStorage({ creds, keys }) {
             const { signedIdentityKey } = creds;
             return {
                 privKey: Buffer.from(signedIdentityKey.private),
-                pubKey: (0, Utils_1.generateSignalPubKey)(signedIdentityKey.public)
+                pubKey: Buffer.from((0, index_js_1.generateSignalPubKey)(signedIdentityKey.public))
             };
         }
     };

package/lib/Signal/lid-mapping.d.ts

@@ -0,0 +1,19 @@
+import type { LIDMapping, SignalKeyStoreWithTransaction } from '../Types/index.js';
+import type { ILogger } from '../Utils/logger.js';
+export declare class LIDMappingStore {
+    private readonly mappingCache;
+    private readonly keys;
+    private readonly logger;
+    private pnToLIDFunc?;
+    private readonly inflightLIDLookups;
+    private readonly inflightPNLookups;
+    constructor(keys: SignalKeyStoreWithTransaction, logger: ILogger, pnToLIDFunc?: (jids: string[]) => Promise<LIDMapping[] | undefined>);
+    storeLIDPNMappings(pairs: LIDMapping[]): Promise<void>;
+    getLIDForPN(pn: string): Promise<string | null>;
+    getLIDsForPNs(pns: string[]): Promise<LIDMapping[] | null>;
+    private _getLIDsForPNsImpl;
+    getPNForLID(lid: string): Promise<string | null>;
+    getPNsForLIDs(lids: string[]): Promise<LIDMapping[] | null>;
+    private _getPNsForLIDsImpl;
+}
+//# sourceMappingURL=lid-mapping.d.ts.map