nodejs-insta-private-api-mqt 1.3.80 → 1.3.81

package/dist/core/state.js

@@ -168,10 +168,7 @@ class State {
 
   extractCookieValue(key) {
     const cookie = this.extractCookie(key);
-    if (!cookie) {
-      throw new Error(`Could not find cookie: ${key}`);
-    }
-    return cookie.value;
+    return cookie ? cookie.value : null;
   }
 
   get cookieCsrfToken() {
@@ -310,7 +307,8 @@ class State {
       connectionTypeHeader: this.connectionTypeHeader,
       capabilitiesHeader: this.capabilitiesHeader,
       requestId: this.requestId,
-      traySessionId: this.traySessionId
+      traySessionId: this.traySessionId,
+      userId: this._userId || null
     };
     return obj;
   }
@@ -357,6 +355,11 @@ class State {
       }
     }
 
+    // If serialized state carried a raw userId, restore it into the internal field
+    if (obj.userId && !this._userId) {
+      this._userId = obj.userId;
+    }
+
     // refresh parsed authorization (if any)
     this.updateAuthorization();
   }

package/dist/repositories/account.repository.js

@@ -25,6 +25,329 @@ class AccountRepository extends Repository {
     }
   }
 
+  /**
+   * Helper: try to extract an IGT bearer token from various sources:
+   * - response.headers (IG-Set-Authorization or ig-set-authorization)
+   * - response.body top-level fields
+   * - body.layout (stringified layout)
+   * - any embedded login_response.headers JSON inside layout or body
+   *
+   * When found, sets this.client.state.authorization and calls updateAuthorization().
+   */
+  _extractAndSaveAuthorization(response) {
+    if (!response) return null;
+
+    // Normalize headers (case-insensitive)
+    const headers = {};
+    if (response.headers && typeof response.headers === 'object') {
+      for (const k of Object.keys(response.headers)) {
+        headers[k.toLowerCase()] = response.headers[k];
+      }
+    }
+
+    // 1) Check response headers first (server may set IG-Set-Authorization)
+    const headerCandidates = [
+      headers['ig-set-authorization'],
+      headers['ig-set-authorization'.toLowerCase()],
+      headers['ig-set-authorization'.toUpperCase()],
+      headers['ig-set-authorization'],
+      headers['ig-set-authorization'],
+      headers['ig-set-authorization'],
+      headers['ig-set-authorization'],
+      headers['ig-set-authorization'],
+      headers['ig-set-authorization'],
+      headers['ig-set-authorization'],
+      headers['ig-set-authorization'],
+      headers['ig-set-authorization'],
+      headers['ig-set-authorization'],
+      headers['ig-set-authorization'],
+      headers['ig-set-authorization'],
+      headers['ig-set-authorization'],
+      headers['ig-set-authorization'],
+      headers['ig-set-authorization'],
+      headers['ig-set-authorization'],
+      headers['ig-set-authorization'],
+      headers['ig-set-authorization'],
+      headers['ig-set-authorization'],
+      headers['ig-set-authorization'],
+      headers['ig-set-authorization'],
+      headers['ig-set-authorization'],
+      headers['ig-set-authorization'],
+      headers['ig-set-authorization'],
+      headers['ig-set-authorization'],
+      headers['ig-set-authorization'],
+      headers['ig-set-authorization'],
+      headers['ig-set-authorization'],
+      headers['ig-set-authorization'],
+      headers['ig-set-authorization'],
+      headers['ig-set-authorization'],
+      headers['ig-set-authorization'],
+      headers['ig-set-authorization'],
+      headers['ig-set-authorization'],
+      headers['ig-set-authorization'],
+      headers['ig-set-authorization'],
+      headers['ig-set-authorization'],
+    ]; // (we'll just check the normalized header below)
+
+    // Simpler: look for any header that contains 'IG-Set-Authorization' or 'ig-set-authorization'
+    for (const key of Object.keys(headers)) {
+      const val = headers[key];
+      if (!val) continue;
+      if (key.includes('ig-set-authorization') || key === 'ig-set-authorization' || key === 'ig-set-authorization'.toLowerCase()) {
+        const token = this._normalizeTokenString(val);
+        if (token) {
+          this.client.state.authorization = token;
+          try { this.client.state.updateAuthorization(); } catch (e) {}
+          return token;
+        }
+      }
+      // Some servers include the header value inside a JSON-like string in other headers
+      if (typeof val === 'string' && val.includes('Bearer IGT:2:')) {
+        const token = this._findBearerInString(val);
+        if (token) {
+          this.client.state.authorization = token;
+          try { this.client.state.updateAuthorization(); } catch (e) {}
+          return token;
+        }
+      }
+    }
+
+    // Extract IG-U headers (user id, region, claim) when present
+    const dsUserIdHeader =
+      headers['ig-set-ig-u-ds-user-id'] ||
+      headers['ig-u-ds-user-id'] ||
+      headers['x-ig-set-ig-u-ds-user-id'];
+    if (dsUserIdHeader) {
+      const m = String(dsUserIdHeader).match(/(\d{3,})/);
+      if (m) {
+        const uid = m[1];
+        this.client.state.cookieUserId = uid;
+        this.client.state._userId = uid;
+      }
+    }
+
+    const rurHeader =
+      headers['ig-set-ig-u-rur'] ||
+      headers['ig-u-rur'] ||
+      headers['x-ig-set-ig-u-rur'];
+    if (rurHeader) {
+      const rur = String(rurHeader).trim().replace(/^"|"$/g, '');
+      if (rur) {
+        this.client.state.igURur = rur;
+      }
+    }
+
+    const wwwClaimHeader =
+      headers['x-ig-set-www-claim'] ||
+      headers['ig-set-www-claim'] ||
+      headers['ig-u-www-claim'];
+    if (wwwClaimHeader) {
+      const claim = String(wwwClaimHeader).trim().replace(/^"|"$/g, '');
+      if (claim) {
+        this.client.state.igWWWClaim = claim;
+      }
+    }
+
+    const midHeader =
+      headers['ig-set-x-mid'] ||
+      headers['x-mid'] ||
+      headers['ig-set-mid'];
+    if (midHeader) {
+      const mid = String(midHeader).trim().replace(/^"|"$/g, '');
+      if (mid) {
+        this.client.state.mid = mid;
+      }
+    }
+
+    // 2) Check response.body for common fields
+    const body = response.body;
+    if (body) {
+      // If body has headers string (some responses embed headers JSON as a string)
+      if (body.headers && typeof body.headers === 'string') {
+        const token = this._findBearerInString(body.headers);
+        if (token) {
+          this.client.state.authorization = token;
+          try { this.client.state.updateAuthorization(); } catch (e) {}
+          return token;
+        }
+      }
+
+      // If body contains a layout object or string, stringify and search it
+      try {
+        let layoutStr = null;
+        if (body.layout) {
+          layoutStr = typeof body.layout === 'string' ? body.layout : JSON.stringify(body.layout);
+        } else if (body?.layout?.bloks_payload) {
+          layoutStr = JSON.stringify(body.layout.bloks_payload);
+        } else if (body?.bloks_payload) {
+          layoutStr = JSON.stringify(body.bloks_payload);
+        }
+
+        if (!layoutStr && typeof body === 'string') {
+          layoutStr = body;
+        }
+
+        if (layoutStr) {
+          const token = this._findBearerInString(layoutStr);
+          if (token) {
+            this.client.state.authorization = token;
+            try { this.client.state.updateAuthorization(); } catch (e) {}
+            return token;
+          }
+
+          // Some responses embed a login_response JSON string inside layout; try to extract it
+          const loginResponseMatch = layoutStr.match(/"login_response"\s*:\s*"(\\?{.*?\\?})"/s);
+          if (loginResponseMatch) {
+            // Unescape JSON string
+            let jsonStr = loginResponseMatch[1];
+            try {
+              jsonStr = jsonStr.replace(/\\"/g, '"').replace(/\\n/g, '');
+              const parsed = JSON.parse(jsonStr);
+              if (parsed && parsed.headers) {
+                const token = this._findBearerInString(parsed.headers);
+                if (token) {
+                  this.client.state.authorization = token;
+                  try { this.client.state.updateAuthorization(); } catch (e) {}
+                  return token;
+                }
+              }
+            } catch (e) {
+              // ignore parse errors
+            }
+          }
+
+          // Also try to find IG-Set-Password-Encryption headers (not token but useful)
+          const encKeyIdMatch = layoutStr.match(/IG-Set-Password-Encryption-Key-Id[\\"\s:]+(\d+)/i) ||
+                                layoutStr.match(/password.encryption.key.id[\\"\s:]+(\d+)/i);
+          if (encKeyIdMatch) {
+            this.client.state.passwordEncryptionKeyId = parseInt(encKeyIdMatch[1]);
+          }
+          const encPubKeyMatch = layoutStr.match(/IG-Set-Password-Encryption-Pub-Key[\\"\s:]+([A-Za-z0-9+\/=]+)/i) ||
+                                 layoutStr.match(/password.encryption.pub.key[\\"\s:]+([A-Za-z0-9+\/=]+)/i);
+          if (encPubKeyMatch) {
+            this.client.state.passwordEncryptionPubKey = encPubKeyMatch[1];
+          }
+
+          // Extract user/account identifiers from layout string
+          const dsIdMatch =
+            layoutStr.match(/ig-set-ig-u-ds-user-id[\\"\s:]+(\d+)/i) ||
+            layoutStr.match(/ig-u-ds-user-id[\\"\s:]+(\d+)/i) ||
+            layoutStr.match(/"strong_id__"\s*:\s*"(\d+)"/i) ||
+            layoutStr.match(/"pk_id"\s*:\s*"(\d+)"/i) ||
+            layoutStr.match(/"pk"\s*:\s*(\d+)/i);
+          if (dsIdMatch) {
+            const uid = String(dsIdMatch[1]);
+            this.client.state.cookieUserId = uid;
+            this.client.state._userId = uid;
+          }
+
+          const rurMatch =
+            layoutStr.match(/ig-set-ig-u-rur[\\"\s:]+"([^"\\]+)/i) ||
+            layoutStr.match(/ig-u-rur[\\"\s:]+"([^"\\]+)/i);
+          if (rurMatch) {
+            this.client.state.igURur = rurMatch[1];
+          }
+
+          const wwwClaimMatch = layoutStr.match(/x-ig-set-www-claim[\\"\s:]+"([^"\\]+)/i);
+          if (wwwClaimMatch) {
+            this.client.state.igWWWClaim = wwwClaimMatch[1];
+          }
+
+          const midMatch = layoutStr.match(/"mid"\s*:\s*"([^"\\]+)"/i);
+          if (midMatch) {
+            this.client.state.mid = midMatch[1];
+          }
+        }
+      } catch (e) {
+        // ignore
+      }
+
+      // 3) If body.logged_in_user exists and we have authorization already, return it
+      if (body.logged_in_user && this.client.state.authorization) {
+        return this.client.state.authorization;
+      }
+    }
+
+    return null;
+  }
+
+  // Normalize token string: accept either raw token or "Bearer IGT:2:..." and return trimmed token string
+  _normalizeTokenString(val) {
+    if (!val || typeof val !== 'string') return null;
+    // If header already contains "Bearer IGT:2:..."
+    const bearer = this._findBearerInString(val);
+    if (bearer) return bearer;
+    // If header contains JSON with IG-Set-Authorization field
+    try {
+      const maybeJson = JSON.parse(val);
+      if (maybeJson['IG-Set-Authorization']) {
+        return this._findBearerInString(maybeJson['IG-Set-Authorization']);
+      }
+    } catch (e) {
+      // not JSON
+    }
+    // fallback: return trimmed value
+    return val.trim();
+  }
+
+  // Find bearer token in arbitrary string using multiple patterns
+  _findBearerInString(str) {
+    if (!str || typeof str !== 'string') return null;
+    // Patterns to match the Bearer token in many possible encodings/escapes
+    const bearerPatterns = [
+      /Bearer IGT:2:[A-Za-z0-9+\/=]+/,
+      /Bearer\s+IGT:2:[A-Za-z0-9+\/=]+/,
+      /\\?"Bearer IGT:2:([A-Za-z0-9+\/=]+)\\?"/,
+      /ig-set-authorization[\\"\s:]*Bearer IGT:2:([A-Za-z0-9+\/=]+)/i,
+      /"IG-Set-Authorization"\s*:\s*"(Bearer IGT:2:[A-Za-z0-9+\/=]+)"/i,
+      /IG-Set-Authorization[\s:]+(Bearer IGT:2:[A-Za-z0-9+\/=]+)/i,
+      /Bearer IGT:2:([A-Za-z0-9+\/=]+)/,
+    ];
+
+    for (const pattern of bearerPatterns) {
+      const m = str.match(pattern);
+      if (m) {
+        // If capturing group present, prefer it
+        if (m[1]) {
+          const token = m[1].includes('Bearer IGT:2:') ? m[1] : `Bearer IGT:2:${m[1]}`;
+          return token.replace(/\\?"/g, '').trim();
+        }
+        // Otherwise m[0] contains the full token
+        return m[0].replace(/\\?"/g, '').trim();
+      }
+    }
+
+    return null;
+  }
+
+  // Ensure we have a valid csrftoken cookie (and mid) before sensitive endpoints.
+  // Instagram typically sets csrftoken via /api/v1/si/fetch_headers/.
+  async ensureCsrfToken() {
+    const cookieToken = this.client.state.cookieCsrfToken;
+    if (cookieToken && cookieToken !== 'missing' && cookieToken !== 'pending') {
+      try { this.client.state.csrfToken = cookieToken; } catch {}
+      return cookieToken;
+    }
+
+    // Warmup endpoint that returns/set cookies (csrftoken, mid, etc.)
+    try {
+      await this.client.request.send({
+        method: 'GET',
+        url: `/api/v1/si/fetch_headers/?challenge_type=signup&guid=${this.client.state.uuid}`,
+      });
+    } catch (e) {
+      // ignore warmup failures
+    }
+
+    const token = this.client.state.cookieCsrfToken;
+    if (token && token !== 'missing' && token !== 'pending') {
+      try { this.client.state.csrfToken = token; } catch {}
+      return token;
+    }
+    return null;
+  }
+
+
   async login(credentialsOrUsername, passwordArg) {
     let username, password;
     if (typeof credentialsOrUsername === 'object' && credentialsOrUsername !== null) {
@@ -44,7 +367,9 @@ class AccountRepository extends Repository {
 
     const { encrypted, time } = this.encryptPassword(password);
 
-    return this.requestWithRetry(async () => {
+    
+    const csrfToken = await this.ensureCsrfToken();
+return this.requestWithRetry(async () => {
       const aacInitTimestamp = Math.floor(Date.now() / 1000) - Math.floor(Math.random() * 50);
       const aacjid = crypto.randomUUID ? crypto.randomUUID() : require('uuid').v4();
       const aaccs = crypto.randomBytes(32).toString('base64url');
@@ -92,35 +417,65 @@ class AccountRepository extends Repository {
       const attestParams = AccountRepository.generateAttestParams(this.client.state);
 
       const bloksHeaders = {
+        ...(csrfToken ? { 'X-CSRFToken': csrfToken } : {}),
+        'Accept-Language': `${(this.client.state.language || 'ro_RO').replace('_', '-')} , en-US`,
+        'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8',
+
+        'IG-Intended-User-Id': '0',
+
+        'X-Bloks-Is-Layout-Rtl': 'false',
         'X-Bloks-Prism-Ax-Base-Colors-Enabled': 'false',
         'X-Bloks-Prism-Button-Version': 'CONTROL',
         'X-Bloks-Prism-Colors-Enabled': 'true',
         'X-Bloks-Prism-Font-Enabled': 'false',
         'X-Bloks-Prism-Indigo-Link-Version': '0',
+        'X-Bloks-Version-Id': this.client.state.bloksVersionId,
+
+        'X-FB-Client-Ip': 'True',
+        'X-FB-Connection-Type': 'WIFI',
         'X-FB-Friendly-Name': 'IgApi: bloks/async_action/com.bloks.www.bloks.caa.login.async.send_login_request/',
+        'X-FB-Network-Properties': 'VPN;Validated;LocalAddrs=/10.0.0.2,;',
         'X-FB-Request-Analytics-Tags': JSON.stringify({
           network_tags: {
-            product: this.client.state.fbAnalyticsApplicationId,
+            product: String(this.client.state.fbAnalyticsApplicationId || ''),
             purpose: 'fetch',
             surface: 'undefined',
             request_category: 'api',
             retry_attempt: '0',
           },
         }),
-        'X-IG-Client-Endpoint': 'com.bloks.www.caa.login.aymh_single_profile_screen_entry',
-        'X-Tigon-Is-Retry': 'False',
+        'X-FB-Server-Cluster': 'True',
         'X-FB-RMD': 'state=URL_ELIGIBLE',
-        'X-IG-Attest-Params': JSON.stringify(attestParams),
-        'X-FB-Connection-Type': 'MOBILE.LTE',
-        'X-FB-Network-Properties': 'VPN;Metered;Validated;LocalAddrs=/10.0.0.2,;',
         'X-FB-Conn-UUID-Client': crypto.randomBytes(16).toString('hex'),
+        'X-FB-HTTP-Engine': 'MNS/TCP',
+
+        'X-IG-Client-Endpoint': 'com.bloks.www.caa.login.aymh_single_profile_screen_entry',
+        'X-IG-Connection-Type': 'WIFI',
+        'X-IG-Capabilities': '3brTv10=',
+        'X-IG-App-ID': String(this.client.state.fbAnalyticsApplicationId || ''),
+        'X-IG-App-Locale': (this.client.state.language || 'ro_RO'),
+        'X-IG-Device-Locale': (this.client.state.language || 'ro_RO'),
+        'X-IG-Mapped-Locale': (this.client.state.language || 'ro_RO'),
+        'X-IG-Android-Id': this.client.state.androidDeviceId || this.client.state.deviceId || '',
+        'X-IG-Device-Id': this.client.state.deviceId,
+        'X-IG-Family-Device-Id': this.client.state.phoneId,
+        'X-IG-Timezone-Offset': String(typeof this.client.state.timezoneOffset === 'number' ? this.client.state.timezoneOffset : 7200),
+        'X-IG-WWW-Claim': this.client.state.igWWWClaim || '0',
+        'X-IG-Nav-Chain': 'LockoutFragment:dogfooding_lockout:1:cold_start:...caa.login.aymh_single_profile_screen_entry:9:button:0::0',
+
+        'X-IG-Attest-Params': JSON.stringify(attestParams),
+
+        'X-Mid': this.client.state.mid || '',
+        'X-Pigeon-Rawclienttime': (Date.now() / 1000).toFixed(3),
+        'X-Pigeon-Session-Id': this.client.state.pigeonSessionId || 'UFS-' + (crypto.randomBytes(16).toString('hex')),
+        'X-Tigon-Is-Retry': 'False',
+
         'X-IG-Bandwidth-Speed-KBPS': (Math.random() * 1500 + 1500).toFixed(3),
         'X-IG-Bandwidth-TotalBytes-B': '0',
         'X-IG-Bandwidth-TotalTime-MS': '0',
-        'X-IG-Connection-Type': 'MOBILE(LTE)',
-        'X-IG-Capabilities': '3brTv10=',
+
         'Accept-Encoding': 'gzip, deflate',
-        'X-FB-HTTP-Engine': 'MNS/TCP',
+        'User-Agent': this.client.state.userAgent || 'Instagram 371.0.0.0.23 Android (30/11; 320dpi; 720x1449; Xiaomi/Redmi; M2006C3MNG; angelican; mt6765; ro_RO; 703217507)',
       };
 
       const response = await this.client.request.send({
@@ -129,35 +484,65 @@ class AccountRepository extends Repository {
         form: { params: paramsJson },
         headers: bloksHeaders,
       });
+   // === DEBUG LOGIN: salvați răspunsul brut de la server pentru analiză ===
+      try {
+        const fs = require('fs');
+        const path = require('path');
+
+        const debugDir = path.join(process.cwd(), 'authinfo_instagram');
+        const debugFile = path.join(debugDir, 'login-debug.json');
+
+        // asigură-te că folderul există
+        try {
+          fs.mkdirSync(debugDir, { recursive: true });
+        } catch (e) {}
+
+        const debugPayload = {
+          at: new Date().toISOString(),
+          statusCode: response.statusCode || response.status || null,
+          headers: response.headers || null,
+          body: response.body || null,
+        };
+
+        fs.writeFileSync(debugFile, JSON.stringify(debugPayload, null, 2), 'utf8');
+      } catch (e) {
+        // nu stricăm login-ul dacă nu merge debug-ul
+      }
+      // === SFÂRȘIT DEBUG LOGIN ===   
 
       const body = response.body;
 
-      if (body.two_factor_required) {
+      // Immediately attempt to extract and save authorization token from the response
+      // This covers tokens returned in headers, in layout payloads, or embedded login_response headers.
+      this._extractAndSaveAuthorization(response);
+
+      if (body && body.two_factor_required) {
         const err = new Error('Two factor authentication required');
         err.name = 'IgLoginTwoFactorRequiredError';
         err.twoFactorInfo = body.two_factor_info;
         throw err;
       }
-      if (body.error_type === 'bad_password') {
+      if (body && body.error_type === 'bad_password') {
         const err = new Error('Bad password');
         err.name = 'IgLoginBadPasswordError';
         throw err;
       }
-      if (body.error_type === 'invalid_user') {
+      if (body && body.error_type === 'invalid_user') {
         const err = new Error('Invalid user');
         err.name = 'IgLoginInvalidUserError';
         throw err;
       }
-      if (body.message === 'challenge_required') {
+      if (body && body.message === 'challenge_required') {
         const err = new Error('Challenge required');
         err.name = 'IgCheckpointError';
         err.challengeInfo = body.challenge;
         throw err;
       }
 
-      if (body.layout) {
+      if (body && body.layout) {
         const layoutStr = typeof body.layout === 'string' ? body.layout : JSON.stringify(body.layout);
 
+        // If layout contains two-factor markers, parse and throw
         if (layoutStr.includes('two_factor_required') || layoutStr.includes('"two_factor_info"')) {
           let twoFactorInfo = null;
           try {
@@ -189,24 +574,14 @@ class AccountRepository extends Repository {
           throw err;
         }
 
-        const bearerPatterns = [
-          /Bearer IGT:2:[A-Za-z0-9+\/=]+/,
-          /Bearer\s+IGT:2:[A-Za-z0-9+\/=]+/,
-          /\\?"Bearer IGT:2:([A-Za-z0-9+\/=]+)\\?"/,
-          /ig-set-authorization[\\"\s:]*Bearer IGT:2:([A-Za-z0-9+\/=]+)/i,
-        ];
-        for (const pattern of bearerPatterns) {
-          const bearerMatch = layoutStr.match(pattern);
-          if (bearerMatch) {
-            const token = bearerMatch[0].includes('Bearer IGT:2:')
-              ? bearerMatch[0].replace(/^.*?(Bearer IGT:2:[A-Za-z0-9+\/=]+).*$/, '$1')
-              : `Bearer IGT:2:${bearerMatch[1]}`;
-            this.client.state.authorization = token.replace(/\\?"/g, '').trim();
-            this.client.state.updateAuthorization();
-            break;
-          }
+        // Additional attempt to extract token from layout string (redundant but robust)
+        const tokenFromLayout = this._findBearerInString(layoutStr);
+        if (tokenFromLayout) {
+          this.client.state.authorization = tokenFromLayout;
+          try { this.client.state.updateAuthorization(); } catch (e) {}
         }
 
+        // Extract pk (user id) from layout if present
         const pkPatterns = [
           /\\"pk\\":\s*(\d+)/,
           /"pk":\s*(\d+)/,
@@ -226,6 +601,7 @@ class AccountRepository extends Repository {
           }
         }
 
+        // Extract IG-Set-WWW-Claim if present
         const wwwClaimPatterns = [
           /IG-Set-WWW-Claim[\\"\s:]+([a-f0-9]+)/i,
           /ig-set-www-claim[\\"\s:]+([a-f0-9]+)/i,
@@ -240,6 +616,7 @@ class AccountRepository extends Repository {
           }
         }
 
+        // Extract encryption key id and pub key (already attempted earlier in _extractAndSaveAuthorization)
         const encKeyIdMatch = layoutStr.match(/IG-Set-Password-Encryption-Key-Id[\\"\s:]+(\d+)/i) ||
                               layoutStr.match(/password.encryption.key.id[\\"\s:]+(\d+)/i);
         if (encKeyIdMatch) {
@@ -258,6 +635,7 @@ class AccountRepository extends Repository {
           this.client.state.mid = midMatch[1];
         }
 
+        // If layout contains a direct logged_in_user JSON, extract and return it
         const loginResponsePatterns = [
           /\\"logged_in_user\\":\{[^}]*\\"pk\\":(\d+)[^}]*\\"username\\":\\"([^"\\]+)\\"/,
           /"logged_in_user":\{[^}]*"pk":(\d+)[^}]*"username":"([^"]+)"/,
@@ -276,6 +654,7 @@ class AccountRepository extends Repository {
           }
         }
 
+        // If we have extracted a pk and we also have authorization, try to fetch current user
         if (extractedPk && this.client.state.authorization) {
           try {
             const userInfo = await this.currentUser();
@@ -291,15 +670,19 @@ class AccountRepository extends Repository {
         }
       }
 
-      if (body.logged_in_user) {
+      // If server returned logged_in_user directly in body
+      if (body && body.logged_in_user) {
         const lu = body.logged_in_user;
         if (lu.pk) {
           this.client.state.cookieUserId = String(lu.pk);
           this.client.state._userId = String(lu.pk);
         }
+        // Ensure authorization is saved if present in response headers
+        this._extractAndSaveAuthorization(response);
         return lu;
       }
 
+      // If we already have authorization, try to fetch current user to populate state
       if (this.client.state.authorization) {
         try {
           const userInfo = await this.currentUser();
@@ -310,6 +693,7 @@ class AccountRepository extends Repository {
           }
           return user;
         } catch (e) {
+          // fallback: return raw body
           return body;
         }
       }
@@ -334,6 +718,8 @@ class AccountRepository extends Repository {
           phone_id: this.client.state.phoneId,
         }),
       });
+      // Save authorization if present in two-factor response
+      this._extractAndSaveAuthorization(response);
       return response.body;
     });
   }

package/dist/useMultiFileAuthState.js

@@ -1227,6 +1227,30 @@ async function extractStateData(igState) {
   // try to obtain cookie fields
   const cookieFields = await extractCookieFields(igState);
 
+  // try to decode ds_user_id & sessionid from Bearer IGT:2 token (authorization), if present
+  let bearerDsUserId = null;
+  let bearerSessionId = null;
+  try {
+    if (creds.authorization && typeof creds.authorization === 'string') {
+      const m = creds.authorization.match(/^Bearer IGT:2:(.+)$/);
+      if (m && m[1]) {
+        try {
+          const json = Buffer.from(m[1], 'base64').toString('utf8');
+          const parsed = JSON.parse(json);
+          if (parsed && typeof parsed === 'object') {
+            if (parsed.ds_user_id) bearerDsUserId = String(parsed.ds_user_id);
+            if (parsed.sessionid) bearerSessionId = String(parsed.sessionid);
+          }
+        } catch (e2) {
+          // ignore decode errors
+        }
+      }
+    }
+  } catch (e) {
+    // ignore bearer parse error
+  }
+
+
   // Primary identifiers
   let userIdFromState = null;
   try {
@@ -1235,8 +1259,8 @@ async function extractStateData(igState) {
   if (!userIdFromState) {
     userIdFromState = igState.userId || igState.user_id || null;
   }
-  const dsUserIdFromCookies = cookieFields.dsUserIdCookie || igState.dsUserId || igState.ds_user_id || null;
-  const sessionIdFromCookies = cookieFields.sessionIdCookie || null;
+  const dsUserIdFromCookies = cookieFields.dsUserIdCookie || igState.dsUserId || igState.ds_user_id || bearerDsUserId || null;
+  const sessionIdFromCookies = cookieFields.sessionIdCookie || bearerSessionId || null;
   const csrfFromCookies = cookieFields.csrfTokenCookie || null;
   const midFromCookies = cookieFields.midCookie || igState.mid || null;
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nodejs-insta-private-api-mqt",
-  "version": "1.3.80",
+  "version": "1.3.81",
   "description": "Complete Instagram MQTT protocol with FULL Featured REALTIME And api Rest All in one project .",
   "main": "dist/index.js",
   "scripts": {