nodejs-insta-private-api-mqt 1.3.80 → 1.3.82

package/dist/core/state.js

@@ -168,10 +168,7 @@ class State {
 
   extractCookieValue(key) {
     const cookie = this.extractCookie(key);
-    if (!cookie) {
-      throw new Error(`Could not find cookie: ${key}`);
-    }
-    return cookie.value;
+    return cookie ? cookie.value : null;
   }
 
   get cookieCsrfToken() {
@@ -310,7 +307,8 @@ class State {
       connectionTypeHeader: this.connectionTypeHeader,
       capabilitiesHeader: this.capabilitiesHeader,
       requestId: this.requestId,
-      traySessionId: this.traySessionId
+      traySessionId: this.traySessionId,
+      userId: this._userId || null
     };
     return obj;
   }
@@ -357,6 +355,11 @@ class State {
       }
     }
 
+    // If serialized state carried a raw userId, restore it into the internal field
+    if (obj.userId && !this._userId) {
+      this._userId = obj.userId;
+    }
+
     // refresh parsed authorization (if any)
     this.updateAuthorization();
   }

package/dist/repositories/account.repository.js

@@ -25,6 +25,284 @@ class AccountRepository extends Repository {
     }
   }
 
+  /**
+   * Helper: try to extract an IGT bearer token from various sources:
+   * - response.headers (IG-Set-Authorization or ig-set-authorization)
+   * - response.body top-level fields
+   * - body.layout (stringified layout)
+   * - any embedded login_response.headers JSON inside layout or body
+   *
+   * When found, sets this.client.state.authorization and calls updateAuthorization().
+   */
+  _extractAndSaveAuthorization(response) {
+    if (!response) return null;
+
+    // Normalize headers (case-insensitive)
+    const headers = {};
+    if (response.headers && typeof response.headers === 'object') {
+      for (const k of Object.keys(response.headers)) {
+        headers[k.toLowerCase()] = response.headers[k];
+      }
+    }
+
+    // Simpler: look for any header that contains ig-set-authorization
+    for (const key of Object.keys(headers)) {
+      const val = headers[key];
+      if (!val) continue;
+      if (key.includes('ig-set-authorization')) {
+        const token = this._normalizeTokenString(val);
+        if (token) {
+          this.client.state.authorization = token;
+          try { this.client.state.updateAuthorization(); } catch (e) {}
+          return token;
+        }
+      }
+      // Some servers include the header value inside a JSON-like string in other headers
+      if (typeof val === 'string' && val.includes('Bearer IGT:2:')) {
+        const token = this._findBearerInString(val);
+        if (token) {
+          this.client.state.authorization = token;
+          try { this.client.state.updateAuthorization(); } catch (e) {}
+          return token;
+        }
+      }
+    }
+
+    // Extract IG-U headers (user id, region, claim) when present
+    const dsUserIdHeader =
+      headers['ig-set-ig-u-ds-user-id'] ||
+      headers['ig-u-ds-user-id'] ||
+      headers['x-ig-set-ig-u-ds-user-id'];
+    if (dsUserIdHeader) {
+      const m = String(dsUserIdHeader).match(/(\d{3,})/);
+      if (m) {
+        const uid = m[1];
+        this.client.state.cookieUserId = uid;
+        this.client.state._userId = uid;
+      }
+    }
+
+    const rurHeader =
+      headers['ig-set-ig-u-rur'] ||
+      headers['ig-u-rur'] ||
+      headers['x-ig-set-ig-u-rur'];
+    if (rurHeader) {
+      const rur = String(rurHeader).trim().replace(/^"|"$/g, '');
+      if (rur) {
+        this.client.state.igURur = rur;
+      }
+    }
+
+    const wwwClaimHeader =
+      headers['x-ig-set-www-claim'] ||
+      headers['ig-set-www-claim'] ||
+      headers['ig-u-www-claim'];
+    if (wwwClaimHeader) {
+      const claim = String(wwwClaimHeader).trim().replace(/^"|"$/g, '');
+      if (claim) {
+        this.client.state.igWWWClaim = claim;
+      }
+    }
+
+    const midHeader =
+      headers['ig-set-x-mid'] ||
+      headers['x-mid'] ||
+      headers['ig-set-mid'];
+    if (midHeader) {
+      const mid = String(midHeader).trim().replace(/^"|"$/g, '');
+      if (mid) {
+        this.client.state.mid = mid;
+      }
+    }
+
+    // 2) Check response.body for common fields
+    const body = response.body;
+    if (body) {
+      // If body has headers string (some responses embed headers JSON as a string)
+      if (body.headers && typeof body.headers === 'string') {
+        const token = this._findBearerInString(body.headers);
+        if (token) {
+          this.client.state.authorization = token;
+          try { this.client.state.updateAuthorization(); } catch (e) {}
+          return token;
+        }
+      }
+
+      // If body contains a layout object or string, stringify and search it
+      try {
+        let layoutStr = null;
+        if (body.layout) {
+          layoutStr = typeof body.layout === 'string' ? body.layout : JSON.stringify(body.layout);
+        } else if (body?.layout?.bloks_payload) {
+          layoutStr = JSON.stringify(body.layout.bloks_payload);
+        } else if (body?.bloks_payload) {
+          layoutStr = JSON.stringify(body.bloks_payload);
+        }
+
+        if (!layoutStr && typeof body === 'string') {
+          layoutStr = body;
+        }
+
+        if (layoutStr) {
+          const token = this._findBearerInString(layoutStr);
+          if (token) {
+            this.client.state.authorization = token;
+            try { this.client.state.updateAuthorization(); } catch (e) {}
+            return token;
+          }
+
+          // Some responses embed a login_response JSON string inside layout; try to extract it
+          const loginResponseMatch = layoutStr.match(/"login_response"\s*:\s*"(\\?{.*?\\?})"/s);
+          if (loginResponseMatch) {
+            // Unescape JSON string
+            let jsonStr = loginResponseMatch[1];
+            try {
+              jsonStr = jsonStr.replace(/\\"/g, '"').replace(/\\n/g, '');
+              const parsed = JSON.parse(jsonStr);
+              if (parsed && parsed.headers) {
+                const token = this._findBearerInString(parsed.headers);
+                if (token) {
+                  this.client.state.authorization = token;
+                  try { this.client.state.updateAuthorization(); } catch (e) {}
+                  return token;
+                }
+              }
+            } catch (e) {
+              // ignore parse errors
+            }
+          }
+
+          // Also try to find IG-Set-Password-Encryption headers (not token but useful)
+          const encKeyIdMatch = layoutStr.match(/IG-Set-Password-Encryption-Key-Id[\\"\s:]+(\d+)/i) ||
+                                layoutStr.match(/password.encryption.key.id[\\"\s:]+(\d+)/i);
+          if (encKeyIdMatch) {
+            this.client.state.passwordEncryptionKeyId = parseInt(encKeyIdMatch[1]);
+          }
+          const encPubKeyMatch = layoutStr.match(/IG-Set-Password-Encryption-Pub-Key[\\"\s:]+([A-Za-z0-9+\/=]+)/i) ||
+                                 layoutStr.match(/password.encryption.pub.key[\\"\s:]+([A-Za-z0-9+\/=]+)/i);
+          if (encPubKeyMatch) {
+            this.client.state.passwordEncryptionPubKey = encPubKeyMatch[1];
+          }
+
+          // Extract user/account identifiers from layout string
+          const dsIdMatch =
+            layoutStr.match(/ig-set-ig-u-ds-user-id[\\"\s:]+(\d+)/i) ||
+            layoutStr.match(/ig-u-ds-user-id[\\"\s:]+(\d+)/i) ||
+            layoutStr.match(/"strong_id__"\s*:\s*"(\d+)"/i) ||
+            layoutStr.match(/"pk_id"\s*:\s*"(\d+)"/i) ||
+            layoutStr.match(/"pk"\s*:\s*(\d+)/i);
+          if (dsIdMatch) {
+            const uid = String(dsIdMatch[1]);
+            this.client.state.cookieUserId = uid;
+            this.client.state._userId = uid;
+          }
+
+          const rurMatch =
+            layoutStr.match(/ig-set-ig-u-rur[\\"\s:]+"([^"\\]+)/i) ||
+            layoutStr.match(/ig-u-rur[\\"\s:]+"([^"\\]+)/i);
+          if (rurMatch) {
+            this.client.state.igURur = rurMatch[1];
+          }
+
+          const wwwClaimMatch = layoutStr.match(/x-ig-set-www-claim[\\"\s:]+"([^"\\]+)/i);
+          if (wwwClaimMatch) {
+            this.client.state.igWWWClaim = wwwClaimMatch[1];
+          }
+
+          const midMatch = layoutStr.match(/"mid"\s*:\s*"([^"\\]+)"/i);
+          if (midMatch) {
+            this.client.state.mid = midMatch[1];
+          }
+        }
+      } catch (e) {
+        // ignore
+      }
+
+      // 3) If body.logged_in_user exists and we have authorization already, return it
+      if (body.logged_in_user && this.client.state.authorization) {
+        return this.client.state.authorization;
+      }
+    }
+
+    return null;
+  }
+
+  // Normalize token string: accept either raw token or "Bearer IGT:2:..." and return trimmed token string
+  _normalizeTokenString(val) {
+    if (!val || typeof val !== 'string') return null;
+    // If header already contains "Bearer IGT:2:..."
+    const bearer = this._findBearerInString(val);
+    if (bearer) return bearer;
+    // If header contains JSON with IG-Set-Authorization field
+    try {
+      const maybeJson = JSON.parse(val);
+      if (maybeJson['IG-Set-Authorization']) {
+        return this._findBearerInString(maybeJson['IG-Set-Authorization']);
+      }
+    } catch (e) {
+      // not JSON
+    }
+    // fallback: return trimmed value
+    return val.trim();
+  }
+
+  // Find bearer token in arbitrary string using multiple patterns
+  _findBearerInString(str) {
+    if (!str || typeof str !== 'string') return null;
+    // Patterns to match the Bearer token in many possible encodings/escapes
+    const bearerPatterns = [
+      /Bearer IGT:2:[A-Za-z0-9+\/=]+/,
+      /Bearer\s+IGT:2:[A-Za-z0-9+\/=]+/,
+      /\?"Bearer IGT:2:([A-Za-z0-9+\/=]+)\?"/,
+      /ig-set-authorization[\\"\s:]*Bearer IGT:2:([A-Za-z0-9+\/=]+)/i,
+      /"IG-Set-Authorization"\s*:\s*"(Bearer IGT:2:[A-Za-z0-9+\/=]+)"/i,
+      /IG-Set-Authorization[\s:]+(Bearer IGT:2:[A-Za-z0-9+\/=]+)/i,
+      /Bearer IGT:2:([A-Za-z0-9+\/=]+)/,
+    ];
+
+    for (const pattern of bearerPatterns) {
+      const m = str.match(pattern);
+      if (m) {
+        // If capturing group present, prefer it
+        if (m[1]) {
+          const token = m[1].includes('Bearer IGT:2:') ? m[1] : `Bearer IGT:2:${m[1]}`;
+          return token.replace(/\?"/g, '').trim();
+        }
+        // Otherwise m[0] contains the full token
+        return m[0].replace(/\?"/g, '').trim();
+      }
+    }
+
+    return null;
+  }
+
+  // Ensure we have a valid csrftoken cookie (and mid) before sensitive endpoints.
+  // Instagram typically sets csrftoken via /api/v1/si/fetch_headers/.
+  async ensureCsrfToken() {
+    const cookieToken = this.client.state.cookieCsrfToken;
+    if (cookieToken && cookieToken !== 'missing' && cookieToken !== 'pending') {
+      try { this.client.state.csrfToken = cookieToken; } catch {}
+      return cookieToken;
+    }
+
+    // Warmup endpoint that returns/set cookies (csrftoken, mid, etc.)
+    try {
+      await this.client.request.send({
+        method: 'GET',
+        url: `/api/v1/si/fetch_headers/?challenge_type=signup&guid=${this.client.state.uuid}`,
+      });
+    } catch (e) {
+      // ignore warmup failures
+    }
+
+    const token = this.client.state.cookieCsrfToken;
+    if (token && token !== 'missing' && token !== 'pending') {
+      try { this.client.state.csrfToken = token; } catch {}
+      return token;
+    }
+    return null;
+  }
+
   async login(credentialsOrUsername, passwordArg) {
     let username, password;
     if (typeof credentialsOrUsername === 'object' && credentialsOrUsername !== null) {
@@ -44,16 +322,53 @@ class AccountRepository extends Repository {
 
     const { encrypted, time } = this.encryptPassword(password);
 
+    // optional CSRF warmup (like app does before login)
+    await this.ensureCsrfToken();
+
     return this.requestWithRetry(async () => {
-      const aacInitTimestamp = Math.floor(Date.now() / 1000) - Math.floor(Math.random() * 50);
+      // ====== client_input_params (oglindă după traficul real) ======
+      const nowSec = Math.floor(Date.now() / 1000);
+      const aacInitTimestamp = nowSec - Math.floor(Math.random() * 50);
       const aacjid = crypto.randomUUID ? crypto.randomUUID() : require('uuid').v4();
-      const aaccs = crypto.randomBytes(32).toString('base64url');
+      const aaccs = crypto.randomBytes(32).toString('base64').replace(/=/g, '');
+
+      const androidDeviceId =
+        this.client.state.androidDeviceId ||
+        this.client.state.deviceId ||
+        `android-${crypto.randomBytes(8).toString('hex')}`;
+
+      const machineId =
+        this.client.state.mid ||
+        this.client.state.machineId ||
+        `aZ${crypto.randomBytes(8).toString('hex')}`;
+
+      const familyDeviceId =
+        this.client.state.phoneId ||
+        this.client.state.familyDeviceId ||
+        crypto.randomUUID
+          ? crypto.randomUUID()
+          : require('uuid').v4();
+
+      const qeDeviceId =
+        this.client.state.deviceId ||
+        this.client.state.qeDeviceId ||
+        crypto.randomUUID
+          ? crypto.randomUUID()
+          : require('uuid').v4();
+
+      const accountsList = this.client.state.accountsList || [];
+
+      const flashCallPermissionStatus = {
+        READ_PHONE_STATE: 'GRANTED',
+        READ_CALL_LOG: 'GRANTED',
+        ANSWER_PHONE_CALLS: 'GRANTED',
+      };
 
       const clientInputParams = {
         aac: JSON.stringify({
           aac_init_timestamp: aacInitTimestamp,
-          aacjid: aacjid,
-          aaccs: aaccs,
+          aacjid,
+          aaccs,
         }),
         sim_phones: [],
         aymh_accounts: [],
@@ -63,25 +378,77 @@ class AccountRepository extends Repository {
         auth_secure_device_id: '',
         has_whatsapp_installed: 1,
         password: `#PWD_INSTAGRAM:4:${time}:${encrypted}`,
-        sso_token_map_json_string: '{}',
+        sso_token_map_json_string: JSON.stringify({
+          [this.client.state.cookieUserId || '0']: [],
+        }),
         block_store_machine_id: '',
-        ig_vetted_device_nonces: '{}',
+        ig_vetted_device_nonces: JSON.stringify({}),
+        cloud_trust_token: null,
+        event_flow: 'login_manual',
+        password_contains_non_ascii: 'false',
+        client_known_key_hash: '',
+        encrypted_msisdn: '',
+        has_granted_read_phone_permissions: 0,
+        app_manager_id: '',
+        should_show_nested_nta_from_aymh: 0,
+        device_id: androidDeviceId,
+        zero_balance_state: '',
+        login_attempt_count: 1,
+        machine_id: machineId,
+        flash_call_permission_status: flashCallPermissionStatus,
+        accounts_list: accountsList,
+        gms_incoming_call_retriever_eligibility: 'client_not_supported',
+        family_device_id: familyDeviceId,
+        fb_ig_device_id: [],
+        device_emails: [],
+        try_num: 1,
+        lois_settings: { lois_token: '' },
+        event_step: 'home_page',
+        headers_infra_flow_id: '',
+        openid_tokens: {},
         contact_point: username,
-        machine_id: this.client.state.mid || '',
-        login_attempt_count: '0',
-        reg_flow_taken: 'phone',
-        device_id: this.client.state.uuid,
-        phone_id: this.client.state.phoneId,
-        family_device_id: this.client.state.phoneId,
-        encryption_enabled: '1',
-        has_dbl_tap_login: 0,
-        jazoest: AccountRepository.createJazoest(this.client.state.phoneId),
-        openid_tokens: '{}',
       };
 
+      // ====== server_params (oglindă după traficul real) ======
+      const waterfallId = crypto.randomUUID ? crypto.randomUUID() : require('uuid').v4();
+      const latencyMarkerId = 36707139;
+      const latencyInstanceId = Number(`${Date.now()}${Math.floor(Math.random() * 1000)}`);
+
       const serverParams = {
+        should_trigger_override_login_2fa_action: 0,
+        is_vanilla_password_page_empty_password: 0,
+        is_from_logged_out: 0,
+        should_trigger_override_login_success_action: 0,
+        login_credential_type: 'none',
+        server_login_source: 'login',
+        waterfall_id: waterfallId,
+        two_step_login_type: 'one_step_login',
+        login_source: 'Login',
+        is_platform_login: 0,
+        INTERNAL__latency_qpl_marker_id: latencyMarkerId,
+        is_from_aymh: 0,
+        offline_experiment_group: 'caa_iteration_v3_perf_ig_4',
+        is_from_landing_page: 0,
+        left_nav_button_action: 'NONE',
+        password_text_input_id: 'z0jejq:194',
+        is_from_empty_password: 0,
+        is_from_msplit_fallback: 0,
+        ar_event_source: 'login_home_page',
+        qe_device_id: qeDeviceId,
+        username_text_input_id: 'z0jejq:193',
+        layered_homepage_experiment_group: null,
+        device_id: androidDeviceId,
+        login_surface: 'switcher',
+        INTERNAL__latency_qpl_instance_id: latencyInstanceId,
+        reg_flow_source: 'login_home_native_integration_point',
+        is_caa_perf_enabled: 1,
         credential_type: 'password',
-        device_id: this.client.state.uuid,
+        is_from_password_entry_page: 0,
+        caller: 'gslr',
+        family_device_id: familyDeviceId,
+        is_from_assistive_id: 0,
+        access_flow_version: 'pre_mt_behavior',
+        is_from_logged_in_switcher: 1,
       };
 
       const paramsJson = JSON.stringify({
@@ -91,73 +458,158 @@ class AccountRepository extends Repository {
 
       const attestParams = AccountRepository.generateAttestParams(this.client.state);
 
+      const bkClientContext = JSON.stringify({
+        bloks_version: this.client.state.bloksVersionId,
+        styles_id: 'instagram',
+      });
+
+      // ====== HEADERS – modelate după request_i.instagram.com_mlwzj8x1.txt ======
+      const lang = (this.client.state.language || 'ro_RO');
+      const acceptLanguage = `${lang.replace('_', '-')}, en-US`;
+
+      const userAgent =
+        this.client.state.userAgent ||
+        'Instagram 371.0.0.0.23 Android (30/11; 320dpi; 720x1449; Xiaomi/Redmi; M2006C3MNG; angelican; mt6765; ro_RO; 703217507)';
+
       const bloksHeaders = {
-        'X-Bloks-Prism-Ax-Base-Colors-Enabled': 'false',
-        'X-Bloks-Prism-Button-Version': 'CONTROL',
-        'X-Bloks-Prism-Colors-Enabled': 'true',
-        'X-Bloks-Prism-Font-Enabled': 'false',
-        'X-Bloks-Prism-Indigo-Link-Version': '0',
-        'X-FB-Friendly-Name': 'IgApi: bloks/async_action/com.bloks.www.bloks.caa.login.async.send_login_request/',
-        'X-FB-Request-Analytics-Tags': JSON.stringify({
+        'accept-language': acceptLanguage,
+        'content-type': 'application/x-www-form-urlencoded; charset=UTF-8',
+        'ig-intended-user-id': '0',
+        'priority': 'u=3',
+
+        'x-bloks-is-layout-rtl': 'false',
+        'x-bloks-prism-ax-base-colors-enabled': 'false',
+        'x-bloks-prism-button-version': 'CONTROL',
+        'x-bloks-prism-colors-enabled': 'true',
+        'x-bloks-prism-font-enabled': 'false',
+        'x-bloks-prism-indigo-link-version': '0',
+        'x-bloks-version-id': this.client.state.bloksVersionId,
+
+        'x-fb-client-ip': 'True',
+        'x-fb-connection-type': 'WIFI',
+        'x-fb-friendly-name': 'IgApi: bloks/async_action/com.bloks.www.bloks.caa.login.async.send_login_request/',
+        'x-fb-network-properties': 'VPN;Validated;LocalAddrs=/10.0.0.2,;',
+        'x-fb-request-analytics-tags': JSON.stringify({
           network_tags: {
-            product: this.client.state.fbAnalyticsApplicationId,
+            product: String(this.client.state.fbAnalyticsApplicationId || '567067343352427'),
             purpose: 'fetch',
             surface: 'undefined',
             request_category: 'api',
             retry_attempt: '0',
           },
         }),
-        'X-IG-Client-Endpoint': 'com.bloks.www.caa.login.aymh_single_profile_screen_entry',
-        'X-Tigon-Is-Retry': 'False',
-        'X-FB-RMD': 'state=URL_ELIGIBLE',
-        'X-IG-Attest-Params': JSON.stringify(attestParams),
-        'X-FB-Connection-Type': 'MOBILE.LTE',
-        'X-FB-Network-Properties': 'VPN;Metered;Validated;LocalAddrs=/10.0.0.2,;',
-        'X-FB-Conn-UUID-Client': crypto.randomBytes(16).toString('hex'),
-        'X-IG-Bandwidth-Speed-KBPS': (Math.random() * 1500 + 1500).toFixed(3),
-        'X-IG-Bandwidth-TotalBytes-B': '0',
-        'X-IG-Bandwidth-TotalTime-MS': '0',
-        'X-IG-Connection-Type': 'MOBILE(LTE)',
-        'X-IG-Capabilities': '3brTv10=',
-        'Accept-Encoding': 'gzip, deflate',
-        'X-FB-HTTP-Engine': 'MNS/TCP',
+        'x-fb-server-cluster': 'True',
+
+        'x-ig-android-id': androidDeviceId,
+        'x-ig-app-id': String(this.client.state.fbAnalyticsApplicationId || '567067343352427'),
+        'x-ig-app-locale': lang,
+        'x-ig-attest-params': JSON.stringify(attestParams),
+        'x-ig-bandwidth-speed-kbps': (Math.random() * 1500 + 800).toFixed(3),
+        'x-ig-bandwidth-totalbytes-b': '0',
+        'x-ig-bandwidth-totaltime-ms': '0',
+        'x-ig-client-endpoint': 'com.bloks.www.caa.login.aymh_single_profile_screen_entry',
+        'x-ig-capabilities': '3brTv10=',
+        'x-ig-connection-type': 'WIFI',
+        'x-ig-device-id': qeDeviceId,
+        'x-ig-device-locale': lang,
+        'x-ig-family-device-id': familyDeviceId,
+        'x-ig-mapped-locale': lang,
+        'x-ig-nav-chain':
+          'LockoutFragment:dogfooding_lockout:1:cold_start:...,' +
+          'com.bloks.www.caa.login.aymh_single_profile_screen_entry:com.bloks.www.caa.login.aymh_single_profile_screen_entry:14:button:0:::0',
+        'x-ig-timezone-offset': String(
+          typeof this.client.state.timezoneOffset === 'number'
+            ? this.client.state.timezoneOffset
+            : 7200
+        ),
+        'x-ig-www-claim': this.client.state.igWWWClaim || '0',
+
+        'x-mid': machineId,
+        'x-pigeon-rawclienttime': `${nowSec}.${Math.floor(Math.random() * 1000)
+          .toString()
+          .padStart(3, '0')}`,
+        'x-pigeon-session-id':
+          this.client.state.pigeonSessionId ||
+          `UFS-${crypto.randomBytes(16).toString('hex')}-1`,
+        'x-tigon-is-retry': 'False',
+
+       // ...
+'accept-encoding': 'gzip, deflate, br',
+// ...
+        'user-agent': userAgent,
+        'x-fb-conn-uuid-client': crypto.randomBytes(16).toString('hex'),
+        'x-fb-http-engine': 'MNS/TCP',
+        'x-fb-rmd': 'state=URL_ELIGIBLE',
       };
 
       const response = await this.client.request.send({
         method: 'POST',
         url: '/api/v1/bloks/async_action/com.bloks.www.bloks.caa.login.async.send_login_request/',
-        form: { params: paramsJson },
+        form: {
+          params: paramsJson,
+          bk_client_context: bkClientContext,
+          bloks_versioning_id: this.client.state.bloksVersionId,
+        },
         headers: bloksHeaders,
       });
 
+      // === DEBUG LOGIN: salvăm răspunsul pentru analiză ===
+      try {
+        const fs = require('fs');
+        const path = require('path');
+
+        const debugDir = path.join(process.cwd(), 'authinfo_instagram');
+        const debugFile = path.join(debugDir, 'login-debug.json');
+
+        try {
+          fs.mkdirSync(debugDir, { recursive: true });
+        } catch (e) {}
+
+        const debugPayload = {
+          at: new Date().toISOString(),
+          statusCode: response.statusCode || response.status || null,
+          headers: response.headers || null,
+          body: response.body || null,
+        };
+
+        fs.writeFileSync(debugFile, JSON.stringify(debugPayload, null, 2), 'utf8');
+      } catch (e) {
+        // nu stricăm login-ul dacă nu merge debug-ul
+      }
+      // === SFÂRȘIT DEBUG LOGIN ===
+
       const body = response.body;
 
-      if (body.two_factor_required) {
+      // Immediately attempt to extract and save authorization token from the response
+      this._extractAndSaveAuthorization(response);
+
+      if (body && body.two_factor_required) {
         const err = new Error('Two factor authentication required');
         err.name = 'IgLoginTwoFactorRequiredError';
         err.twoFactorInfo = body.two_factor_info;
         throw err;
       }
-      if (body.error_type === 'bad_password') {
+      if (body && body.error_type === 'bad_password') {
         const err = new Error('Bad password');
         err.name = 'IgLoginBadPasswordError';
         throw err;
       }
-      if (body.error_type === 'invalid_user') {
+      if (body && body.error_type === 'invalid_user') {
         const err = new Error('Invalid user');
         err.name = 'IgLoginInvalidUserError';
         throw err;
       }
-      if (body.message === 'challenge_required') {
+      if (body && body.message === 'challenge_required') {
         const err = new Error('Challenge required');
         err.name = 'IgCheckpointError';
         err.challengeInfo = body.challenge;
         throw err;
       }
 
-      if (body.layout) {
+      if (body && body.layout) {
         const layoutStr = typeof body.layout === 'string' ? body.layout : JSON.stringify(body.layout);
 
+        // If layout contains two-factor markers, parse and throw
         if (layoutStr.includes('two_factor_required') || layoutStr.includes('"two_factor_info"')) {
           let twoFactorInfo = null;
           try {
@@ -189,24 +641,14 @@ class AccountRepository extends Repository {
           throw err;
         }
 
-        const bearerPatterns = [
-          /Bearer IGT:2:[A-Za-z0-9+\/=]+/,
-          /Bearer\s+IGT:2:[A-Za-z0-9+\/=]+/,
-          /\\?"Bearer IGT:2:([A-Za-z0-9+\/=]+)\\?"/,
-          /ig-set-authorization[\\"\s:]*Bearer IGT:2:([A-Za-z0-9+\/=]+)/i,
-        ];
-        for (const pattern of bearerPatterns) {
-          const bearerMatch = layoutStr.match(pattern);
-          if (bearerMatch) {
-            const token = bearerMatch[0].includes('Bearer IGT:2:')
-              ? bearerMatch[0].replace(/^.*?(Bearer IGT:2:[A-Za-z0-9+\/=]+).*$/, '$1')
-              : `Bearer IGT:2:${bearerMatch[1]}`;
-            this.client.state.authorization = token.replace(/\\?"/g, '').trim();
-            this.client.state.updateAuthorization();
-            break;
-          }
+        // Additional attempt to extract token from layout string (redundant but robust)
+        const tokenFromLayout = this._findBearerInString(layoutStr);
+        if (tokenFromLayout) {
+          this.client.state.authorization = tokenFromLayout;
+          try { this.client.state.updateAuthorization(); } catch (e) {}
         }
 
+        // Extract pk (user id) from layout if present
         const pkPatterns = [
           /\\"pk\\":\s*(\d+)/,
           /"pk":\s*(\d+)/,
@@ -226,6 +668,7 @@ class AccountRepository extends Repository {
           }
         }
 
+        // Extract IG-Set-WWW-Claim if present
         const wwwClaimPatterns = [
           /IG-Set-WWW-Claim[\\"\s:]+([a-f0-9]+)/i,
           /ig-set-www-claim[\\"\s:]+([a-f0-9]+)/i,
@@ -240,6 +683,7 @@ class AccountRepository extends Repository {
           }
         }
 
+        // Extract encryption key id and pub key (already attempted earlier in _extractAndSaveAuthorization)
         const encKeyIdMatch = layoutStr.match(/IG-Set-Password-Encryption-Key-Id[\\"\s:]+(\d+)/i) ||
                               layoutStr.match(/password.encryption.key.id[\\"\s:]+(\d+)/i);
         if (encKeyIdMatch) {
@@ -258,6 +702,7 @@ class AccountRepository extends Repository {
           this.client.state.mid = midMatch[1];
         }
 
+        // If layout contains a direct logged_in_user JSON, extract and return it
         const loginResponsePatterns = [
           /\\"logged_in_user\\":\{[^}]*\\"pk\\":(\d+)[^}]*\\"username\\":\\"([^"\\]+)\\"/,
           /"logged_in_user":\{[^}]*"pk":(\d+)[^}]*"username":"([^"]+)"/,
@@ -276,6 +721,7 @@ class AccountRepository extends Repository {
           }
         }
 
+        // If we have extracted a pk and we also have authorization, try to fetch current user
         if (extractedPk && this.client.state.authorization) {
           try {
             const userInfo = await this.currentUser();
@@ -291,15 +737,19 @@ class AccountRepository extends Repository {
         }
       }
 
-      if (body.logged_in_user) {
+      // If server returned logged_in_user directly in body
+      if (body && body.logged_in_user) {
         const lu = body.logged_in_user;
         if (lu.pk) {
           this.client.state.cookieUserId = String(lu.pk);
           this.client.state._userId = String(lu.pk);
         }
+        // Ensure authorization is saved if present in response headers
+        this._extractAndSaveAuthorization(response);
         return lu;
       }
 
+      // If we already have authorization, try to fetch current user to populate state
       if (this.client.state.authorization) {
         try {
           const userInfo = await this.currentUser();
@@ -310,6 +760,7 @@ class AccountRepository extends Repository {
           }
           return user;
         } catch (e) {
+          // fallback: return raw body
           return body;
         }
       }
@@ -334,6 +785,8 @@ class AccountRepository extends Repository {
           phone_id: this.client.state.phoneId,
         }),
       });
+      // Save authorization if present in two-factor response
+      this._extractAndSaveAuthorization(response);
       return response.body;
     });
   }
@@ -776,7 +1229,7 @@ class AccountRepository extends Repository {
   }
 
   static createJazoest(input) {
-    const buf = Buffer.from(input, 'ascii');
+    const buf = Buffer.from(input || '', 'ascii');
     let sum = 0;
     for (let i = 0; i < buf.byteLength; i++) {
       sum += buf.readUInt8(i);

package/dist/useMultiFileAuthState.js

@@ -1227,6 +1227,30 @@ async function extractStateData(igState) {
   // try to obtain cookie fields
   const cookieFields = await extractCookieFields(igState);
 
+  // try to decode ds_user_id & sessionid from Bearer IGT:2 token (authorization), if present
+  let bearerDsUserId = null;
+  let bearerSessionId = null;
+  try {
+    if (creds.authorization && typeof creds.authorization === 'string') {
+      const m = creds.authorization.match(/^Bearer IGT:2:(.+)$/);
+      if (m && m[1]) {
+        try {
+          const json = Buffer.from(m[1], 'base64').toString('utf8');
+          const parsed = JSON.parse(json);
+          if (parsed && typeof parsed === 'object') {
+            if (parsed.ds_user_id) bearerDsUserId = String(parsed.ds_user_id);
+            if (parsed.sessionid) bearerSessionId = String(parsed.sessionid);
+          }
+        } catch (e2) {
+          // ignore decode errors
+        }
+      }
+    }
+  } catch (e) {
+    // ignore bearer parse error
+  }
+
+
   // Primary identifiers
   let userIdFromState = null;
   try {
@@ -1235,8 +1259,8 @@ async function extractStateData(igState) {
   if (!userIdFromState) {
     userIdFromState = igState.userId || igState.user_id || null;
   }
-  const dsUserIdFromCookies = cookieFields.dsUserIdCookie || igState.dsUserId || igState.ds_user_id || null;
-  const sessionIdFromCookies = cookieFields.sessionIdCookie || null;
+  const dsUserIdFromCookies = cookieFields.dsUserIdCookie || igState.dsUserId || igState.ds_user_id || bearerDsUserId || null;
+  const sessionIdFromCookies = cookieFields.sessionIdCookie || bearerSessionId || null;
   const csrfFromCookies = cookieFields.csrfTokenCookie || null;
   const midFromCookies = cookieFields.midCookie || igState.mid || null;
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nodejs-insta-private-api-mqt",
-  "version": "1.3.80",
+  "version": "1.3.82",
   "description": "Complete Instagram MQTT protocol with FULL Featured REALTIME And api Rest All in one project .",
   "main": "dist/index.js",
   "scripts": {