supunmd-bail 2.0.1

package/lib/Utils/crypto.d.ts

@@ -0,0 +1,41 @@
+import type { KeyPair } from '../Types/index.js';
+/** prefix version byte to the pub keys, required for some curve crypto functions */
+export declare const generateSignalPubKey: (pubKey: Uint8Array | Buffer) => Uint8Array<ArrayBufferLike> | Buffer<ArrayBufferLike>;
+export declare const Curve: {
+    generateKeyPair: () => KeyPair;
+    sharedKey: (privateKey: Uint8Array, publicKey: Uint8Array) => Buffer<ArrayBuffer>;
+    sign: (privateKey: Uint8Array, buf: Uint8Array) => Uint8Array<ArrayBufferLike>;
+    verify: (pubKey: Uint8Array, message: Uint8Array, signature: Uint8Array) => boolean;
+};
+export declare const signedKeyPair: (identityKeyPair: KeyPair, keyId: number) => {
+    keyPair: KeyPair;
+    signature: Uint8Array<ArrayBufferLike>;
+    keyId: number;
+};
+/**
+ * encrypt AES 256 GCM;
+ * where the tag tag is suffixed to the ciphertext
+ * */
+export declare function aesEncryptGCM(plaintext: Uint8Array, key: Uint8Array, iv: Uint8Array, additionalData: Uint8Array): Buffer<ArrayBuffer>;
+/**
+ * decrypt AES 256 GCM;
+ * where the auth tag is suffixed to the ciphertext
+ * */
+export declare function aesDecryptGCM(ciphertext: Uint8Array, key: Uint8Array, iv: Uint8Array, additionalData: Uint8Array): Buffer<ArrayBuffer>;
+export declare function aesEncryptCTR(plaintext: Uint8Array, key: Uint8Array, iv: Uint8Array): Buffer<ArrayBuffer>;
+export declare function aesDecryptCTR(ciphertext: Uint8Array, key: Uint8Array, iv: Uint8Array): Buffer<ArrayBuffer>;
+/** decrypt AES 256 CBC; where the IV is prefixed to the buffer */
+export declare function aesDecrypt(buffer: Buffer, key: Buffer): Buffer<ArrayBuffer>;
+/** decrypt AES 256 CBC */
+export declare function aesDecryptWithIV(buffer: Buffer, key: Buffer, IV: Buffer): Buffer<ArrayBuffer>;
+export declare function aesEncrypt(buffer: Buffer | Uint8Array, key: Buffer): Buffer<ArrayBuffer>;
+export declare function aesEncrypWithIV(buffer: Buffer, key: Buffer, IV: Buffer): Buffer<ArrayBuffer>;
+export declare function hmacSign(buffer: Buffer | Uint8Array, key: Buffer | Uint8Array, variant?: 'sha256' | 'sha512'): Buffer<ArrayBufferLike>;
+export declare function sha256(buffer: Buffer): Buffer<ArrayBufferLike>;
+export declare function md5(buffer: Buffer): Buffer<ArrayBufferLike>;
+export declare function hkdf(buffer: Uint8Array | Buffer, expandedLength: number, info: {
+    salt?: Buffer;
+    info?: string;
+}): Promise<Buffer>;
+export declare function derivePairingCodeKey(pairingCode: string, salt: Buffer): Promise<Buffer>;
+//# sourceMappingURL=crypto.d.ts.map

package/lib/Utils/crypto.js

@@ -0,0 +1,142 @@
+import { createCipheriv, createDecipheriv, createHash, createHmac, randomBytes } from 'crypto';
+import * as curve from 'libsignal/src/curve.js';
+import { KEY_BUNDLE_TYPE } from '../Defaults/index.js';
+// insure browser & node compatibility
+const { subtle } = globalThis.crypto;
+/** prefix version byte to the pub keys, required for some curve crypto functions */
+export const generateSignalPubKey = (pubKey) => pubKey.length === 33 ? pubKey : Buffer.concat([KEY_BUNDLE_TYPE, pubKey]);
+export const Curve = {
+    generateKeyPair: () => {
+        const { pubKey, privKey } = curve.generateKeyPair();
+        return {
+            private: Buffer.from(privKey),
+            // remove version byte
+            public: Buffer.from(pubKey.slice(1))
+        };
+    },
+    sharedKey: (privateKey, publicKey) => {
+        const shared = curve.calculateAgreement(generateSignalPubKey(publicKey), privateKey);
+        return Buffer.from(shared);
+    },
+    sign: (privateKey, buf) => curve.calculateSignature(privateKey, buf),
+    verify: (pubKey, message, signature) => {
+        try {
+            curve.verifySignature(generateSignalPubKey(pubKey), message, signature);
+            return true;
+        }
+        catch (error) {
+            return false;
+        }
+    }
+};
+export const signedKeyPair = (identityKeyPair, keyId) => {
+    const preKey = Curve.generateKeyPair();
+    const pubKey = generateSignalPubKey(preKey.public);
+    const signature = Curve.sign(identityKeyPair.private, pubKey);
+    return { keyPair: preKey, signature, keyId };
+};
+const GCM_TAG_LENGTH = 128 >> 3;
+/**
+ * encrypt AES 256 GCM;
+ * where the tag tag is suffixed to the ciphertext
+ * */
+export function aesEncryptGCM(plaintext, key, iv, additionalData) {
+    const cipher = createCipheriv('aes-256-gcm', key, iv);
+    cipher.setAAD(additionalData);
+    return Buffer.concat([cipher.update(plaintext), cipher.final(), cipher.getAuthTag()]);
+}
+/**
+ * decrypt AES 256 GCM;
+ * where the auth tag is suffixed to the ciphertext
+ * */
+export function aesDecryptGCM(ciphertext, key, iv, additionalData) {
+    const decipher = createDecipheriv('aes-256-gcm', key, iv);
+    // decrypt additional adata
+    const enc = ciphertext.slice(0, ciphertext.length - GCM_TAG_LENGTH);
+    const tag = ciphertext.slice(ciphertext.length - GCM_TAG_LENGTH);
+    // set additional data
+    decipher.setAAD(additionalData);
+    decipher.setAuthTag(tag);
+    return Buffer.concat([decipher.update(enc), decipher.final()]);
+}
+export function aesEncryptCTR(plaintext, key, iv) {
+    const cipher = createCipheriv('aes-256-ctr', key, iv);
+    return Buffer.concat([cipher.update(plaintext), cipher.final()]);
+}
+export function aesDecryptCTR(ciphertext, key, iv) {
+    const decipher = createDecipheriv('aes-256-ctr', key, iv);
+    return Buffer.concat([decipher.update(ciphertext), decipher.final()]);
+}
+/** decrypt AES 256 CBC; where the IV is prefixed to the buffer */
+export function aesDecrypt(buffer, key) {
+    return aesDecryptWithIV(buffer.slice(16, buffer.length), key, buffer.slice(0, 16));
+}
+/** decrypt AES 256 CBC */
+export function aesDecryptWithIV(buffer, key, IV) {
+    const aes = createDecipheriv('aes-256-cbc', key, IV);
+    return Buffer.concat([aes.update(buffer), aes.final()]);
+}
+// encrypt AES 256 CBC; where a random IV is prefixed to the buffer
+export function aesEncrypt(buffer, key) {
+    const IV = randomBytes(16);
+    const aes = createCipheriv('aes-256-cbc', key, IV);
+    return Buffer.concat([IV, aes.update(buffer), aes.final()]); // prefix IV to the buffer
+}
+// encrypt AES 256 CBC with a given IV
+export function aesEncrypWithIV(buffer, key, IV) {
+    const aes = createCipheriv('aes-256-cbc', key, IV);
+    return Buffer.concat([aes.update(buffer), aes.final()]); // prefix IV to the buffer
+}
+// sign HMAC using SHA 256
+export function hmacSign(buffer, key, variant = 'sha256') {
+    return createHmac(variant, key).update(buffer).digest();
+}
+export function sha256(buffer) {
+    return createHash('sha256').update(buffer).digest();
+}
+export function md5(buffer) {
+    return createHash('md5').update(buffer).digest();
+}
+// HKDF key expansion
+export async function hkdf(buffer, expandedLength, info) {
+    // Normalize to a Uint8Array whose underlying buffer is a regular ArrayBuffer (not ArrayBufferLike)
+    // Cloning via new Uint8Array(...) guarantees the generic parameter is ArrayBuffer which satisfies WebCrypto types.
+    const inputKeyMaterial = new Uint8Array(buffer instanceof Uint8Array ? buffer : new Uint8Array(buffer));
+    // Set default values if not provided
+    const salt = info.salt ? new Uint8Array(info.salt) : new Uint8Array(0);
+    const infoBytes = info.info ? new TextEncoder().encode(info.info) : new Uint8Array(0);
+    // Import the input key material (cast to BufferSource to appease TS DOM typings)
+    const importedKey = await subtle.importKey('raw', inputKeyMaterial, { name: 'HKDF' }, false, [
+        'deriveBits'
+    ]);
+    // Derive bits using HKDF
+    const derivedBits = await subtle.deriveBits({
+        name: 'HKDF',
+        hash: 'SHA-256',
+        salt: salt,
+        info: infoBytes
+    }, importedKey, expandedLength * 8 // Convert bytes to bits
+    );
+    return Buffer.from(derivedBits);
+}
+export async function derivePairingCodeKey(pairingCode, salt) {
+    // Convert inputs to formats Web Crypto API can work with
+    const encoder = new TextEncoder();
+    const pairingCodeBuffer = encoder.encode(pairingCode);
+    const saltBuffer = new Uint8Array(salt instanceof Uint8Array ? salt : new Uint8Array(salt));
+    // Import the pairing code as key material
+    const keyMaterial = await subtle.importKey('raw', pairingCodeBuffer, { name: 'PBKDF2' }, false, [
+        'deriveBits'
+    ]);
+    // Derive bits using PBKDF2 with the same parameters
+    // 2 << 16 = 131,072 iterations
+    const derivedBits = await subtle.deriveBits({
+        name: 'PBKDF2',
+        salt: saltBuffer,
+        iterations: 2 << 16,
+        hash: 'SHA-256'
+    }, keyMaterial, 32 * 8 // 32 bytes * 8 = 256 bits
+    );
+    return Buffer.from(derivedBits);
+}
+//# sourceMappingURL=crypto.js.map

package/lib/Utils/decode-wa-message.d.ts

@@ -0,0 +1,48 @@
+import type { WAMessage } from '../Types/index.js';
+import type { SignalRepositoryWithLIDStore } from '../Types/Signal.js';
+import { type BinaryNode } from '../WABinary/index.js';
+import type { ILogger } from './logger.js';
+export declare const getDecryptionJid: (sender: string, repository: SignalRepositoryWithLIDStore) => Promise<string>;
+export declare const NO_MESSAGE_FOUND_ERROR_TEXT = "Message absent from node";
+export declare const MISSING_KEYS_ERROR_TEXT = "Key used already or never filled";
+export declare const DECRYPTION_RETRY_CONFIG: {
+    maxRetries: number;
+    baseDelayMs: number;
+    sessionRecordErrors: string[];
+};
+export declare const NACK_REASONS: {
+    ParsingError: number;
+    UnrecognizedStanza: number;
+    UnrecognizedStanzaClass: number;
+    UnrecognizedStanzaType: number;
+    InvalidProtobuf: number;
+    InvalidHostedCompanionStanza: number;
+    MissingMessageSecret: number;
+    SignalErrorOldCounter: number;
+    MessageDeletedOnPeer: number;
+    UnhandledError: number;
+    UnsupportedAdminRevoke: number;
+    UnsupportedLIDGroup: number;
+    DBOperationFailed: number;
+};
+export declare const extractAddressingContext: (stanza: BinaryNode) => {
+    addressingMode: string;
+    senderAlt: string | undefined;
+    recipientAlt: string | undefined;
+};
+/**
+ * Decode the received node as a message.
+ * @note this will only parse the message, not decrypt it
+ */
+export declare function decodeMessageNode(stanza: BinaryNode, meId: string, meLid: string): {
+    fullMessage: WAMessage;
+    author: string;
+    sender: string;
+};
+export declare const decryptMessageNode: (stanza: BinaryNode, meId: string, meLid: string, repository: SignalRepositoryWithLIDStore, logger: ILogger) => {
+    fullMessage: WAMessage;
+    category: string | undefined;
+    author: string;
+    decrypt(): Promise<void>;
+};
+//# sourceMappingURL=decode-wa-message.d.ts.map

package/lib/Utils/decode-wa-message.js

@@ -0,0 +1,279 @@
+import { Boom } from '@hapi/boom';
+import { proto } from '../../WAProto/index.js';
+import { areJidsSameUser, isHostedLidUser, isHostedPnUser, isJidBroadcast, isJidGroup, isJidMetaAI, isJidNewsletter, isJidStatusBroadcast, isLidUser, isPnUser
+//	transferDevice
+ } from '../WABinary/index.js';
+import { unpadRandomMax16 } from './generics.js';
+export const getDecryptionJid = async (sender, repository) => {
+    if (isLidUser(sender) || isHostedLidUser(sender)) {
+        return sender;
+    }
+    const mapped = await repository.lidMapping.getLIDForPN(sender);
+    return mapped || sender;
+};
+const storeMappingFromEnvelope = async (stanza, sender, repository, decryptionJid, logger) => {
+    // TODO: Handle hosted IDs
+    const { senderAlt } = extractAddressingContext(stanza);
+    if (senderAlt && isLidUser(senderAlt) && isPnUser(sender) && decryptionJid === sender) {
+        try {
+            await repository.lidMapping.storeLIDPNMappings([{ lid: senderAlt, pn: sender }]);
+            await repository.migrateSession(sender, senderAlt);
+            logger.debug({ sender, senderAlt }, 'Stored LID mapping from envelope');
+        }
+        catch (error) {
+            logger.warn({ sender, senderAlt, error }, 'Failed to store LID mapping');
+        }
+    }
+};
+export const NO_MESSAGE_FOUND_ERROR_TEXT = 'Message absent from node';
+export const MISSING_KEYS_ERROR_TEXT = 'Key used already or never filled';
+// Retry configuration for failed decryption
+export const DECRYPTION_RETRY_CONFIG = {
+    maxRetries: 3,
+    baseDelayMs: 100,
+    sessionRecordErrors: ['No session record', 'SessionError: No session record']
+};
+export const NACK_REASONS = {
+    ParsingError: 487,
+    UnrecognizedStanza: 488,
+    UnrecognizedStanzaClass: 489,
+    UnrecognizedStanzaType: 490,
+    InvalidProtobuf: 491,
+    InvalidHostedCompanionStanza: 493,
+    MissingMessageSecret: 495,
+    SignalErrorOldCounter: 496,
+    MessageDeletedOnPeer: 499,
+    UnhandledError: 500,
+    UnsupportedAdminRevoke: 550,
+    UnsupportedLIDGroup: 551,
+    DBOperationFailed: 552
+};
+export const extractAddressingContext = (stanza) => {
+    let senderAlt;
+    let recipientAlt;
+    const sender = stanza.attrs.participant || stanza.attrs.from;
+    const addressingMode = stanza.attrs.addressing_mode || (sender?.endsWith('lid') ? 'lid' : 'pn');
+    if (addressingMode === 'lid') {
+        // Message is LID-addressed: sender is LID, extract corresponding PN
+        // without device data
+        senderAlt = stanza.attrs.participant_pn || stanza.attrs.sender_pn || stanza.attrs.peer_recipient_pn;
+        recipientAlt = stanza.attrs.recipient_pn;
+        // with device data
+        //if (sender && senderAlt) senderAlt = transferDevice(sender, senderAlt)
+    }
+    else {
+        // Message is PN-addressed: sender is PN, extract corresponding LID
+        // without device data
+        senderAlt = stanza.attrs.participant_lid || stanza.attrs.sender_lid || stanza.attrs.peer_recipient_lid;
+        recipientAlt = stanza.attrs.recipient_lid;
+        //with device data
+        //if (sender && senderAlt) senderAlt = transferDevice(sender, senderAlt)
+    }
+    return {
+        addressingMode,
+        senderAlt,
+        recipientAlt
+    };
+};
+/**
+ * Decode the received node as a message.
+ * @note this will only parse the message, not decrypt it
+ */
+export function decodeMessageNode(stanza, meId, meLid) {
+    let msgType;
+    let chatId;
+    let author;
+    let fromMe = false;
+    const msgId = stanza.attrs.id;
+    const from = stanza.attrs.from;
+    const participant = stanza.attrs.participant;
+    const recipient = stanza.attrs.recipient;
+    const addressingContext = extractAddressingContext(stanza);
+    const isMe = (jid) => areJidsSameUser(jid, meId);
+    const isMeLid = (jid) => areJidsSameUser(jid, meLid);
+    if (isPnUser(from) || isLidUser(from) || isHostedLidUser(from) || isHostedPnUser(from)) {
+        if (recipient && !isJidMetaAI(recipient)) {
+            if (!isMe(from) && !isMeLid(from)) {
+                throw new Boom('receipient present, but msg not from me', { data: stanza });
+            }
+            if (isMe(from) || isMeLid(from)) {
+                fromMe = true;
+            }
+            chatId = recipient;
+        }
+        else {
+            chatId = from;
+        }
+        msgType = 'chat';
+        author = from;
+    }
+    else if (isJidGroup(from)) {
+        if (!participant) {
+            throw new Boom('No participant in group message');
+        }
+        if (isMe(participant) || isMeLid(participant)) {
+            fromMe = true;
+        }
+        msgType = 'group';
+        author = participant;
+        chatId = from;
+    }
+    else if (isJidBroadcast(from)) {
+        if (!participant) {
+            throw new Boom('No participant in group message');
+        }
+        const isParticipantMe = isMe(participant);
+        if (isJidStatusBroadcast(from)) {
+            msgType = isParticipantMe ? 'direct_peer_status' : 'other_status';
+        }
+        else {
+            msgType = isParticipantMe ? 'peer_broadcast' : 'other_broadcast';
+        }
+        fromMe = isParticipantMe;
+        chatId = from;
+        author = participant;
+    }
+    else if (isJidNewsletter(from)) {
+        msgType = 'newsletter';
+        chatId = from;
+        author = from;
+        if (isMe(from) || isMeLid(from)) {
+            fromMe = true;
+        }
+    }
+    else {
+        throw new Boom('Unknown message type', { data: stanza });
+    }
+    const pushname = stanza?.attrs?.notify;
+    const key = {
+        remoteJid: chatId,
+        remoteJidAlt: !isJidGroup(chatId) ? addressingContext.senderAlt : undefined,
+        fromMe,
+        id: msgId,
+        participant,
+        participantAlt: isJidGroup(chatId) ? addressingContext.senderAlt : undefined,
+        addressingMode: addressingContext.addressingMode,
+        ...(msgType === 'newsletter' && stanza.attrs.server_id ? { server_id: stanza.attrs.server_id } : {})
+    };
+    const fullMessage = {
+        key,
+        messageTimestamp: +stanza.attrs.t,
+        pushName: pushname,
+        broadcast: isJidBroadcast(from)
+    };
+    if (key.fromMe) {
+        fullMessage.status = proto.WebMessageInfo.Status.SERVER_ACK;
+    }
+    return {
+        fullMessage,
+        author,
+        sender: msgType === 'chat' ? author : chatId
+    };
+}
+export const decryptMessageNode = (stanza, meId, meLid, repository, logger) => {
+    const { fullMessage, author, sender } = decodeMessageNode(stanza, meId, meLid);
+    return {
+        fullMessage,
+        category: stanza.attrs.category,
+        author,
+        async decrypt() {
+            let decryptables = 0;
+            if (Array.isArray(stanza.content)) {
+                for (const { tag, attrs, content } of stanza.content) {
+                    if (tag === 'verified_name' && content instanceof Uint8Array) {
+                        const cert = proto.VerifiedNameCertificate.decode(content);
+                        const details = proto.VerifiedNameCertificate.Details.decode(cert.details);
+                        fullMessage.verifiedBizName = details.verifiedName;
+                    }
+                    if (tag === 'unavailable' && attrs.type === 'view_once') {
+                        fullMessage.key.isViewOnce = true; // TODO: remove from here and add a STUB TYPE
+                    }
+                    if (tag !== 'enc' && tag !== 'plaintext') {
+                        continue;
+                    }
+                    if (!(content instanceof Uint8Array)) {
+                        continue;
+                    }
+                    decryptables += 1;
+                    let msgBuffer;
+                    const decryptionJid = await getDecryptionJid(author, repository);
+                    if (tag !== 'plaintext') {
+                        // TODO: Handle hosted devices
+                        await storeMappingFromEnvelope(stanza, author, repository, decryptionJid, logger);
+                    }
+                    try {
+                        const e2eType = tag === 'plaintext' ? 'plaintext' : attrs.type;
+                        switch (e2eType) {
+                            case 'skmsg':
+                                msgBuffer = await repository.decryptGroupMessage({
+                                    group: sender,
+                                    authorJid: author,
+                                    msg: content
+                                });
+                                break;
+                            case 'pkmsg':
+                            case 'msg':
+                                msgBuffer = await repository.decryptMessage({
+                                    jid: decryptionJid,
+                                    type: e2eType,
+                                    ciphertext: content
+                                });
+                                break;
+                            case 'plaintext':
+                                msgBuffer = content;
+                                break;
+                            default:
+                                throw new Error(`Unknown e2e type: ${e2eType}`);
+                        }
+                        let msg = proto.Message.decode(e2eType !== 'plaintext' ? unpadRandomMax16(msgBuffer) : msgBuffer);
+                        msg = msg.deviceSentMessage?.message || msg;
+                        if (msg.senderKeyDistributionMessage) {
+                            //eslint-disable-next-line max-depth
+                            try {
+                                await repository.processSenderKeyDistributionMessage({
+                                    authorJid: author,
+                                    item: msg.senderKeyDistributionMessage
+                                });
+                            }
+                            catch (err) {
+                                logger.error({ key: fullMessage.key, err }, 'failed to process sender key distribution message');
+                            }
+                        }
+                        if (fullMessage.message) {
+                            Object.assign(fullMessage.message, msg);
+                        }
+                        else {
+                            fullMessage.message = msg;
+                        }
+                    }
+                    catch (err) {
+                        const errorContext = {
+                            key: fullMessage.key,
+                            err,
+                            messageType: tag === 'plaintext' ? 'plaintext' : attrs.type,
+                            sender,
+                            author,
+                            isSessionRecordError: isSessionRecordError(err)
+                        };
+                        logger.error(errorContext, 'failed to decrypt message');
+                        fullMessage.messageStubType = proto.WebMessageInfo.StubType.CIPHERTEXT;
+                        fullMessage.messageStubParameters = [err.message.toString()];
+                    }
+                }
+            }
+            // if nothing was found to decrypt
+            if (!decryptables) {
+                fullMessage.messageStubType = proto.WebMessageInfo.StubType.CIPHERTEXT;
+                fullMessage.messageStubParameters = [NO_MESSAGE_FOUND_ERROR_TEXT];
+            }
+        }
+    };
+};
+/**
+ * Utility function to check if an error is related to missing session record
+ */
+function isSessionRecordError(error) {
+    const errorMessage = error?.message || error?.toString() || '';
+    return DECRYPTION_RETRY_CONFIG.sessionRecordErrors.some(errorPattern => errorMessage.includes(errorPattern));
+}
+//# sourceMappingURL=decode-wa-message.js.map

package/lib/Utils/event-buffer.d.ts

@@ -0,0 +1,34 @@
+import type { BaileysEventEmitter, BaileysEventMap } from '../Types/index.js';
+import type { ILogger } from './logger.js';
+/**
+ * A map that contains a list of all events that have been triggered
+ *
+ * Note, this can contain different type of events
+ * this can make processing events extremely efficient -- since everything
+ * can be done in a single transaction
+ */
+type BaileysEventData = Partial<BaileysEventMap>;
+type BaileysBufferableEventEmitter = BaileysEventEmitter & {
+    /** Use to process events in a batch */
+    process(handler: (events: BaileysEventData) => void | Promise<void>): () => void;
+    /**
+     * starts buffering events, call flush() to release them
+     * */
+    buffer(): void;
+    /** buffers all events till the promise completes */
+    createBufferedFunction<A extends any[], T>(work: (...args: A) => Promise<T>): (...args: A) => Promise<T>;
+    /**
+     * flushes all buffered events
+     * @returns returns true if the flush actually happened, otherwise false
+     */
+    flush(): boolean;
+    /** is there an ongoing buffer */
+    isBuffering(): boolean;
+};
+/**
+ * The event buffer logically consolidates different events into a single event
+ * making the data processing more efficient.
+ */
+export declare const makeEventBuffer: (logger: ILogger) => BaileysBufferableEventEmitter;
+export {};
+//# sourceMappingURL=event-buffer.d.ts.map