wa-multi-mongodb 3.10.8 → 3.11.1

package/dist/cjs/Socket/index.js

@@ -45,7 +45,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.toLID = exports.toPhoneNumber = exports.isPNFormat = exports.isLIDFormat = exports.getAllLIDMappings = exports.getLIDForPN = exports.getPNForLID = exports.clearAllGroupMetadataCache = exports.clearSessionGroupMetadataCache = exports.clearGroupMetadataCache = exports.getGroupMetadata = exports.setGroupCacheConfig = exports.getSessionStatus = exports.getPairingCodeSessions = exports.reconnectAllPairingCodeSessions = exports.reconnect = exports.setCredentialsDir = exports.setMongoDBNames = exports.loadSessionsFromMongo = exports.onPairingCode = exports.onMessageUpdate = exports.onConnecting = exports.onDisconnected = exports.onConnected = exports.onQRUpdated = exports.onMessageReceived = exports.loadSessionsFromStorage = exports.getSession = exports.getAllSessionSync = exports.getAllSession = exports.deleteSession = exports.startWhatsapp = exports.startSessionWithPairingCode = exports.startSession = exports.setMongoURI = void 0;
+exports.toLID = exports.toPhoneNumber = exports.isPNFormat = exports.isLIDFormat = exports.getAllLIDMappings = exports.getLIDForPN = exports.getPNForLID = exports.clearAllGroupMetadataCache = exports.clearSessionGroupMetadataCache = exports.clearGroupMetadataCache = exports.getGroupMetadata = exports.setGroupCacheConfig = exports.getSessionStatus = exports.getPairingCodeSessions = exports.reconnectAllPairingCodeSessions = exports.reconnect = exports.setCredentialsDir = exports.setMongoDBNames = exports.loadSessionsFromMongo = exports.onPairingCode = exports.onMessageUpdate = exports.onConnecting = exports.onDisconnected = exports.onConnected = exports.onQRUpdated = exports.onMessageReceived = exports.loadSessionsFromStorage = exports.downloadMediaMessage = exports.getSession = exports.getAllSessionSync = exports.getAllSession = exports.deleteSession = exports.startWhatsapp = exports.startSessionWithPairingCode = exports.startSession = exports.setMongoURI = void 0;
 exports.setMongoCollection = setMongoCollection;
 const baileys_1 = __importStar(require("baileys"));
 const path_1 = __importDefault(require("path"));
@@ -60,6 +60,7 @@ const message_status_1 = require("../Utils/message-status");
 const mongodb_1 = require("mongodb");
 const mongo_auth_state_1 = require("../Utils/mongo-auth-state");
 const create_delay_1 = require("../Utils/create-delay");
+const security_1 = require("../Utils/security");
 const sessions = new Map();
 /**
  * Valid PlatformType values that WhatsApp recognizes
@@ -184,6 +185,7 @@ function initMongo() {
     });
 }
 const startSession = (...args_1) => __awaiter(void 0, [...args_1], void 0, function* (sessionId = "mysession", options = { printQR: true }) {
+    sessionId = (0, security_1.assertValidSessionId)(sessionId);
     if (isSessionExistAndRunning(sessionId))
         throw new Error_1.WhatsappError(Defaults_1.Messages.sessionAlreadyExist(sessionId));
     yield initMongo();
@@ -352,6 +354,7 @@ exports.startSession = startSession;
  * @returns Promise<WASocket> The WhatsApp socket instance
  */
 const startSessionWithPairingCode = (sessionId_1, phoneNumber_1, ...args_1) => __awaiter(void 0, [sessionId_1, phoneNumber_1, ...args_1], void 0, function* (sessionId, phoneNumber, options = {}) {
+    sessionId = (0, security_1.assertValidSessionId)(sessionId);
     if (isSessionExistAndRunning(sessionId))
         throw new Error_1.WhatsappError(Defaults_1.Messages.sessionAlreadyExist(sessionId));
     // Simpan informasi session pairing code untuk auto-reconnect
@@ -395,7 +398,7 @@ const startSessionWithPairingCode = (sessionId_1, phoneNumber_1, ...args_1) => _
                     const code = yield sock.requestPairingCode(phoneNumberFormatted);
                     // Pastikan kode ada dan merupakan string
                     if (code && typeof code === 'string') {
-                        console.log(`Pairing code untuk session ${sessionId}: ${code}`);
+                        console.log(`Pairing code untuk session ${sessionId}: ${(0, security_1.maskSensitiveValue)(code)}`);
                         // Panggil callback yang terdaftar
                         (_a = callback.get(Defaults_1.CALLBACK_KEY.ON_PAIRING_CODE)) === null || _a === void 0 ? void 0 : _a(sessionId, code);
                         (_b = options.onPairingCode) === null || _b === void 0 ? void 0 : _b.call(options, code);
@@ -565,6 +568,7 @@ exports.startWhatsapp = exports.startSession;
  * @param sessionId Session ID to soft delete
  */
 const softDeleteSession = (sessionId_1, ...args_1) => __awaiter(void 0, [sessionId_1, ...args_1], void 0, function* (sessionId, preserveData = false) {
+    sessionId = (0, security_1.assertValidSessionId)(sessionId);
     const session = (0, exports.getSession)(sessionId);
     try {
         yield (session === null || session === void 0 ? void 0 : session.logout());
@@ -600,6 +604,7 @@ const softDeleteSession = (sessionId_1, ...args_1) => __awaiter(void 0, [session
     }
 });
 const deleteSession = (sessionId) => __awaiter(void 0, void 0, void 0, function* () {
+    sessionId = (0, security_1.assertValidSessionId)(sessionId);
     const session = (0, exports.getSession)(sessionId);
     try {
         yield (session === null || session === void 0 ? void 0 : session.logout());
@@ -661,9 +666,30 @@ exports.getAllSession = getAllSession;
 // Untuk backward compatibility
 const getAllSessionSync = () => Array.from(sessions.keys());
 exports.getAllSessionSync = getAllSessionSync;
-const getSession = (key) => sessions.get(key);
+const getSession = (key) => sessions.get((0, security_1.assertValidSessionId)(key));
 exports.getSession = getSession;
+const downloadMediaMessage = (_a) => __awaiter(void 0, [_a], void 0, function* ({ sessionId, message, key, }) {
+    const session = (0, exports.getSession)(sessionId);
+    if (!session) {
+        throw new Error_1.WhatsappError(Defaults_1.Messages.sessionNotFound(sessionId));
+    }
+    if (!message) {
+        throw new Error_1.WhatsappError("Message is required to download media");
+    }
+    try {
+        const buffer = yield (0, baileys_1.downloadMediaMessage)(message, "buffer", {}, {
+            logger: P,
+            reuploadRequest: session.updateMediaMessage,
+        });
+        return buffer;
+    }
+    catch (error) {
+        throw new Error_1.WhatsappError(`Failed to download media: ${error.message || String(error)}`);
+    }
+});
+exports.downloadMediaMessage = downloadMediaMessage;
 const isSessionExistAndRunning = (sessionId) => {
+    sessionId = (0, security_1.assertValidSessionId)(sessionId);
     // Cek jika session sudah berjalan di memory
     if ((0, exports.getSession)(sessionId)) {
         return true;
@@ -676,6 +702,7 @@ const isSessionExistAndRunning = (sessionId) => {
  * @returns Boolean indicating if session should be loaded
  */
 const shouldLoadSession = (sessionId) => __awaiter(void 0, void 0, void 0, function* () {
+    sessionId = (0, security_1.assertValidSessionId)(sessionId);
     // Jika session sudah berjalan di memory, tidak perlu load lagi
     if ((0, exports.getSession)(sessionId)) {
         return false;
@@ -784,6 +811,7 @@ exports.setCredentialsDir = setCredentialsDir;
  */
 const reconnect = (sessionId) => __awaiter(void 0, void 0, void 0, function* () {
     try {
+        sessionId = (0, security_1.assertValidSessionId)(sessionId);
         // Cek jika session masih ada di memory
         const existingSession = sessions.get(sessionId);
         // Hapus session terlebih dahulu untuk menghindari konflik
@@ -903,6 +931,7 @@ exports.getPairingCodeSessions = getPairingCodeSessions;
  * @returns Object with session status information
  */
 const getSessionStatus = (sessionId) => {
+    sessionId = (0, security_1.assertValidSessionId)(sessionId);
     const isRunning = !!(0, exports.getSession)(sessionId);
     const isPairingCodeSession = pairingCodeSessions.has(sessionId);
     const retryAttempts = retryCount.get(sessionId) || 0;
@@ -922,6 +951,8 @@ const setGroupCacheConfig = (options) => {
 exports.setGroupCacheConfig = setGroupCacheConfig;
 // Fungsi baru untuk mendapatkan atau memuat data grup dengan multi-session support
 const getGroupMetadata = (sessionId_1, jid_1, ...args_1) => __awaiter(void 0, [sessionId_1, jid_1, ...args_1], void 0, function* (sessionId, jid, forceFetch = false) {
+    sessionId = (0, security_1.assertValidSessionId)(sessionId);
+    jid = (0, security_1.assertValidJidIdentifier)(jid, "jid");
     // Get the session socket
     const sock = (0, exports.getSession)(sessionId);
     if (!sock) {
@@ -951,11 +982,14 @@ const getGroupMetadata = (sessionId_1, jid_1, ...args_1) => __awaiter(void 0, [s
 exports.getGroupMetadata = getGroupMetadata;
 // Fungsi baru untuk menghapus cache grup tertentu
 const clearGroupMetadataCache = (sessionId, jid) => __awaiter(void 0, void 0, void 0, function* () {
+    sessionId = (0, security_1.assertValidSessionId)(sessionId);
+    jid = (0, security_1.assertValidJidIdentifier)(jid, "jid");
     yield Utils_1.groupCache.delete(sessionId, jid);
 });
 exports.clearGroupMetadataCache = clearGroupMetadataCache;
 // Fungsi untuk membersihkan seluruh cache grup untuk session tertentu
 const clearSessionGroupMetadataCache = (sessionId) => __awaiter(void 0, void 0, void 0, function* () {
+    sessionId = (0, security_1.assertValidSessionId)(sessionId);
     yield Utils_1.groupCache.clearSessionCache(sessionId);
 });
 exports.clearSessionGroupMetadataCache = clearSessionGroupMetadataCache;
@@ -989,6 +1023,8 @@ exports.clearAllGroupMetadataCache = clearAllGroupMetadataCache;
  */
 const getPNForLID = (sessionId, lid) => __awaiter(void 0, void 0, void 0, function* () {
     var _a, _b;
+    sessionId = (0, security_1.assertValidSessionId)(sessionId);
+    lid = (0, security_1.assertValidJidIdentifier)(lid, "lid");
     const session = (0, exports.getSession)(sessionId);
     if (!session) {
         return {
@@ -1057,6 +1093,7 @@ exports.getPNForLID = getPNForLID;
  */
 const getLIDForPN = (sessionId, pn) => __awaiter(void 0, void 0, void 0, function* () {
     var _a, _b;
+    sessionId = (0, security_1.assertValidSessionId)(sessionId);
     const session = (0, exports.getSession)(sessionId);
     if (!session) {
         return {
@@ -1123,6 +1160,7 @@ exports.getLIDForPN = getLIDForPN;
  * @note This may return an empty array if no mappings are available yet.
  */
 const getAllLIDMappings = (sessionId) => __awaiter(void 0, void 0, void 0, function* () {
+    sessionId = (0, security_1.assertValidSessionId)(sessionId);
     const session = (0, exports.getSession)(sessionId);
     if (!session) {
         throw new Error_1.WhatsappError(Defaults_1.Messages.sessionNotFound(sessionId));
@@ -1217,6 +1255,7 @@ exports.isPNFormat = isPNFormat;
  * ```
  */
 const toPhoneNumber = (sessionId, jid) => __awaiter(void 0, void 0, void 0, function* () {
+    sessionId = (0, security_1.assertValidSessionId)(sessionId);
     // Handle null/undefined input
     if (!jid) {
         return null;
@@ -1268,6 +1307,7 @@ exports.toPhoneNumber = toPhoneNumber;
  * ```
  */
 const toLID = (sessionId, jid) => __awaiter(void 0, void 0, void 0, function* () {
+    sessionId = (0, security_1.assertValidSessionId)(sessionId);
     // If already in LID format, return as-is
     if ((0, exports.isLIDFormat)(jid)) {
         return jid;

package/dist/cjs/Utils/group-cache.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"group-cache.d.ts","sourceRoot":"","sources":["../../../src/Utils/group-cache.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAKxC,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAqB;IAC5C,OAAO,CAAC,KAAK,CAAY;IACzB,OAAO,CAAC,WAAW,CAA4B;IAC/C,OAAO,CAAC,eAAe,CAAa;IACpC,OAAO,CAAC,QAAQ,CAAuB;IAGvC,OAAO;WAUO,WAAW,IAAI,kBAAkB;IAQlC,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAuBpD,OAAO,CAAC,cAAc;IAKT,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;IAoCtE,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC;IA4B/E,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAqBzD,iBAAiB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAkBzD,SAAS,CAAC,OAAO,EAAE;QAAE,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,WAAW,CAAC,EAAE,MAAM,CAAA;KAAE;IAU5D,KAAK,IAAI,IAAI;CAGrB;AAGD,eAAO,MAAM,UAAU,oBAAmC,CAAC"}
+{"version":3,"file":"group-cache.d.ts","sourceRoot":"","sources":["../../../src/Utils/group-cache.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAMxC,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAqB;IAC5C,OAAO,CAAC,KAAK,CAAY;IACzB,OAAO,CAAC,WAAW,CAA4B;IAC/C,OAAO,CAAC,eAAe,CAAa;IACpC,OAAO,CAAC,QAAQ,CAAuB;IAGvC,OAAO;WAUO,WAAW,IAAI,kBAAkB;IAQlC,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAuBpD,OAAO,CAAC,cAAc;IAKT,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;IAsCtE,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC;IA8B/E,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAuBzD,iBAAiB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAmBzD,SAAS,CAAC,OAAO,EAAE;QAAE,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,WAAW,CAAC,EAAE,MAAM,CAAA;KAAE;IAU5D,KAAK,IAAI,IAAI;CAGrB;AAGD,eAAO,MAAM,UAAU,oBAAmC,CAAC"}

package/dist/cjs/Utils/group-cache.js

@@ -16,6 +16,7 @@ exports.groupCache = exports.GroupMetadataCache = void 0;
 const node_cache_1 = __importDefault(require("node-cache"));
 const mongodb_1 = require("mongodb");
 const Defaults_1 = require("../Defaults");
+const security_1 = require("./security");
 // Class untuk mengelola cache group metadata dengan pendekatan hybrid (NodeCache + MongoDB)
 class GroupMetadataCache {
     // Konstruktor private untuk singleton pattern
@@ -64,8 +65,10 @@ class GroupMetadataCache {
     // Mendapatkan metadata grup dari cache atau MongoDB
     get(sessionId, groupId) {
         return __awaiter(this, void 0, void 0, function* () {
+            const safeSessionId = (0, security_1.assertValidSessionId)(sessionId);
+            const safeGroupId = (0, security_1.assertValidJidIdentifier)(groupId, "groupId");
             // Buat kunci cache dengan kombinasi sessionId dan groupId
-            const cacheKey = this.createCacheKey(sessionId, groupId);
+            const cacheKey = this.createCacheKey(safeSessionId, safeGroupId);
             // Coba ambil dari cache memory dulu
             const cachedData = this.cache.get(cacheKey);
             if (cachedData) {
@@ -75,8 +78,8 @@ class GroupMetadataCache {
             if (this.mongoCollection) {
                 try {
                     const data = yield this.mongoCollection.findOne({
-                        id: groupId,
-                        sessionId: sessionId
+                        id: safeGroupId,
+                        sessionId: safeSessionId
                     });
                     if (data) {
                         // Hapus _id dari MongoDB yang tidak diperlukan
@@ -97,18 +100,20 @@ class GroupMetadataCache {
     // Menyimpan metadata grup ke cache dan MongoDB
     set(sessionId, groupId, metadata) {
         return __awaiter(this, void 0, void 0, function* () {
+            const safeSessionId = (0, security_1.assertValidSessionId)(sessionId);
+            const safeGroupId = (0, security_1.assertValidJidIdentifier)(groupId, "groupId");
             // Buat kunci cache dengan kombinasi sessionId dan groupId
-            const cacheKey = this.createCacheKey(sessionId, groupId);
+            const cacheKey = this.createCacheKey(safeSessionId, safeGroupId);
             // Simpan ke cache memory
             this.cache.set(cacheKey, metadata);
             // Jika MongoDB tersedia, simpan juga ke MongoDB
             if (this.mongoCollection) {
                 try {
                     // Tambahkan sessionId ke data yang disimpan
-                    const dataToStore = Object.assign(Object.assign({}, metadata), { sessionId });
+                    const dataToStore = Object.assign(Object.assign({}, metadata), { sessionId: safeSessionId });
                     yield this.mongoCollection.updateOne({
-                        id: groupId,
-                        sessionId: sessionId
+                        id: safeGroupId,
+                        sessionId: safeSessionId
                     }, { $set: dataToStore }, { upsert: true });
                 }
                 catch (error) {
@@ -120,16 +125,18 @@ class GroupMetadataCache {
     // Menghapus metadata grup dari cache dan MongoDB
     delete(sessionId, groupId) {
         return __awaiter(this, void 0, void 0, function* () {
+            const safeSessionId = (0, security_1.assertValidSessionId)(sessionId);
+            const safeGroupId = (0, security_1.assertValidJidIdentifier)(groupId, "groupId");
             // Buat kunci cache dengan kombinasi sessionId dan groupId
-            const cacheKey = this.createCacheKey(sessionId, groupId);
+            const cacheKey = this.createCacheKey(safeSessionId, safeGroupId);
             // Hapus dari cache memory
             this.cache.del(cacheKey);
             // Jika MongoDB tersedia, hapus juga dari MongoDB
             if (this.mongoCollection) {
                 try {
                     yield this.mongoCollection.deleteOne({
-                        id: groupId,
-                        sessionId: sessionId
+                        id: safeGroupId,
+                        sessionId: safeSessionId
                     });
                 }
                 catch (error) {
@@ -141,10 +148,11 @@ class GroupMetadataCache {
     // Menghapus semua cache untuk session tertentu
     clearSessionCache(sessionId) {
         return __awaiter(this, void 0, void 0, function* () {
+            const safeSessionId = (0, security_1.assertValidSessionId)(sessionId);
             // Hapus dari MongoDB
             if (this.mongoCollection) {
                 try {
-                    yield this.mongoCollection.deleteMany({ sessionId: sessionId });
+                    yield this.mongoCollection.deleteMany({ sessionId: safeSessionId });
                 }
                 catch (error) {
                     console.error(`Error clearing session ${sessionId} cache from MongoDB:`, error);
@@ -153,7 +161,7 @@ class GroupMetadataCache {
             // Hapus dari memory cache
             // Karena NodeCache tidak mendukung wildcard delete, kita harus mendapatkan semua kunci dulu
             const allKeys = this.cache.keys();
-            const sessionKeys = allKeys.filter(key => key.startsWith(`${sessionId}:`));
+            const sessionKeys = allKeys.filter(key => key.startsWith(`${safeSessionId}:`));
             sessionKeys.forEach(key => this.cache.del(key));
         });
     }

package/dist/cjs/Utils/index.d.ts

@@ -3,4 +3,5 @@ export * from "./is-exist";
 export * from "./create-delay";
 export * from "./group-cache";
 export * from "./lid-utils";
+export * from "./security";
 //# sourceMappingURL=index.d.ts.map

package/dist/cjs/Utils/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/Utils/index.ts"],"names":[],"mappings":"AAAA,cAAc,gBAAgB,CAAC;AAC/B,cAAc,YAAY,CAAC;AAC3B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,eAAe,CAAC;AAC9B,cAAc,aAAa,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/Utils/index.ts"],"names":[],"mappings":"AAAA,cAAc,gBAAgB,CAAC;AAC/B,cAAc,YAAY,CAAC;AAC3B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,eAAe,CAAC;AAC9B,cAAc,aAAa,CAAC;AAC5B,cAAc,YAAY,CAAC"}

package/dist/cjs/Utils/index.js

@@ -19,5 +19,6 @@ __exportStar(require("./is-exist"), exports);
 __exportStar(require("./create-delay"), exports);
 __exportStar(require("./group-cache"), exports);
 __exportStar(require("./lid-utils"), exports);
+__exportStar(require("./security"), exports);
 // Note: setCredentialsDir & setMongoDBNames have been moved to src/Socket/index.ts
 // Please import them directly from there instead

package/dist/cjs/Utils/mongo-auth-state.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"mongo-auth-state.d.ts","sourceRoot":"","sources":["../../../src/Utils/mongo-auth-state.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,iBAAiB,EAAuB,MAAM,SAAS,CAAC;AACtE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAuC1C,wBAAsB,iBAAiB,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,UAAU;;;;kBAgC7D,CAAC,SAAS,MAAM,iBAAiB,QAAQ,CAAC,OAAO,MAAM,EAAE;;;2BAWhD,GAAG;;;;GAqB/B"}
+{"version":3,"file":"mongo-auth-state.d.ts","sourceRoot":"","sources":["../../../src/Utils/mongo-auth-state.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,iBAAiB,EAAuB,MAAM,SAAS,CAAC;AACtE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAwC1C,wBAAsB,iBAAiB,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,UAAU;;;;kBAkC7D,CAAC,SAAS,MAAM,iBAAiB,QAAQ,CAAC,OAAO,MAAM,EAAE;;;2BAWhD,GAAG;;;;GAqB/B"}

package/dist/cjs/Utils/mongo-auth-state.js

@@ -13,6 +13,7 @@ exports.useMongoAuthState = useMongoAuthState;
 const WAProto_1 = require("baileys/WAProto");
 const crypto_1 = require("baileys/lib/Utils/crypto");
 const generics_1 = require("baileys/lib/Utils/generics");
+const security_1 = require("./security");
 const BufferJSON = {
     replacer: (_, value) => {
         if (Buffer.isBuffer(value) || value instanceof Uint8Array || (value === null || value === void 0 ? void 0 : value.type) === "Buffer") {
@@ -50,17 +51,18 @@ const initAuthCreds = () => {
 };
 function useMongoAuthState(sessionId, collection) {
     return __awaiter(this, void 0, void 0, function* () {
+        const safeSessionId = (0, security_1.assertValidSessionId)(sessionId);
         const readState = () => __awaiter(this, void 0, void 0, function* () {
-            const doc = yield collection.findOne({ sessionId });
+            const doc = yield collection.findOne({ sessionId: safeSessionId });
             return (doc === null || doc === void 0 ? void 0 : doc.state)
                 ? JSON.parse(JSON.stringify(doc.state), BufferJSON.reviver)
                 : null;
         });
         const writeState = (state) => __awaiter(this, void 0, void 0, function* () {
-            yield collection.updateOne({ sessionId }, { $set: { state: JSON.parse(JSON.stringify(state, BufferJSON.replacer)) } }, { upsert: true });
+            yield collection.updateOne({ sessionId: safeSessionId }, { $set: { state: JSON.parse(JSON.stringify(state, BufferJSON.replacer)) } }, { upsert: true });
         });
         const removeKey = (key) => __awaiter(this, void 0, void 0, function* () {
-            yield collection.updateOne({ sessionId }, { $unset: { [`state.keys.${key}`]: "" } });
+            yield collection.updateOne({ sessionId: safeSessionId }, { $unset: { [`state.keys.${key}`]: "" } });
         });
         const savedState = (yield readState()) || {};
         const creds = savedState.creds || initAuthCreds();

package/dist/cjs/Utils/save-media.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"save-media.d.ts","sourceRoot":"","sources":["../../../src/Utils/save-media.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAQ3C,eAAO,MAAM,gBAAgB,GAAU,KAAK,eAAe,EAAE,MAAM,MAAM,kBAOxE,CAAC;AACF,eAAO,MAAM,gBAAgB,GAAU,KAAK,eAAe,EAAE,MAAM,MAAM,kBAOxE,CAAC;AAEF,eAAO,MAAM,mBAAmB,GAC9B,KAAK,eAAe,EACpB,MAAM,MAAM,kBAUb,CAAC;AAEF,eAAO,MAAM,gBAAgB,GAAU,KAAK,eAAe,EAAE,MAAM,MAAM,kBAOxE,CAAC"}
+{"version":3,"file":"save-media.d.ts","sourceRoot":"","sources":["../../../src/Utils/save-media.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAU3C,eAAO,MAAM,gBAAgB,GAAU,KAAK,eAAe,EAAE,MAAM,MAAM,kBAOxE,CAAC;AACF,eAAO,MAAM,gBAAgB,GAAU,KAAK,eAAe,EAAE,MAAM,MAAM,kBAOxE,CAAC;AAEF,eAAO,MAAM,mBAAmB,GAC9B,KAAK,eAAe,EACpB,MAAM,MAAM,kBAUb,CAAC;AAEF,eAAO,MAAM,gBAAgB,GAAU,KAAK,eAAe,EAAE,MAAM,MAAM,kBAOxE,CAAC"}

package/dist/cjs/Utils/save-media.js

@@ -16,8 +16,10 @@ exports.saveAudioHandler = exports.saveDocumentHandler = exports.saveVideoHandle
 const baileys_1 = require("baileys");
 const error_1 = __importDefault(require("./error"));
 const promises_1 = __importDefault(require("fs/promises"));
-const saveMedia = (path, data) => __awaiter(void 0, void 0, void 0, function* () {
-    yield promises_1.default.writeFile(path, data.toString("base64"), "base64");
+const security_1 = require("./security");
+const saveMedia = (filePath, data) => __awaiter(void 0, void 0, void 0, function* () {
+    const safePath = (0, security_1.assertSafeFilePath)(filePath);
+    yield promises_1.default.writeFile(safePath, data.toString("base64"), "base64");
 });
 const saveImageHandler = (msg, path) => __awaiter(void 0, void 0, void 0, function* () {
     var _a;
@@ -40,8 +42,8 @@ const saveDocumentHandler = (msg, path) => __awaiter(void 0, void 0, void 0, fun
     if (!((_a = msg.message) === null || _a === void 0 ? void 0 : _a.documentMessage))
         throw new error_1.default("Message is not contain Document");
     const buf = yield (0, baileys_1.downloadMediaMessage)(msg, "buffer", {});
-    const ext = (_b = msg.message.documentMessage.fileName) === null || _b === void 0 ? void 0 : _b.split(".").pop();
-    path += "." + ext;
+    const ext = (0, security_1.sanitizeFileExtension)((_b = msg.message.documentMessage.fileName) === null || _b === void 0 ? void 0 : _b.split(".").pop());
+    path = `${(0, security_1.assertSafeFilePath)(path)}.${ext}`;
     return saveMedia(path, buf);
 });
 exports.saveDocumentHandler = saveDocumentHandler;

package/dist/cjs/Utils/security.d.ts

@@ -0,0 +1,7 @@
+export declare const assertValidIdentifier: (value: string, fieldName: string) => string;
+export declare const assertValidSessionId: (sessionId: string) => string;
+export declare const assertValidJidIdentifier: (value: string, fieldName: string) => string;
+export declare const assertSafeFilePath: (filePath: string) => string;
+export declare const sanitizeFileExtension: (extension?: string) => string;
+export declare const maskSensitiveValue: (value: string, visibleChars?: number) => string;
+//# sourceMappingURL=security.d.ts.map

package/dist/cjs/Utils/security.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"security.d.ts","sourceRoot":"","sources":["../../../src/Utils/security.ts"],"names":[],"mappings":"AAMA,eAAO,MAAM,qBAAqB,GAAI,OAAO,MAAM,EAAE,WAAW,MAAM,KAAG,MAQxE,CAAC;AAEF,eAAO,MAAM,oBAAoB,GAAI,WAAW,MAAM,KAAG,MACV,CAAC;AAEhD,eAAO,MAAM,wBAAwB,GAAI,OAAO,MAAM,EAAE,WAAW,MAAM,KAAG,MAQ3E,CAAC;AAEF,eAAO,MAAM,kBAAkB,GAAI,UAAU,MAAM,KAAG,MAiBrD,CAAC;AAEF,eAAO,MAAM,qBAAqB,GAAI,YAAY,MAAM,KAAG,MAK1D,CAAC;AAEF,eAAO,MAAM,kBAAkB,GAAI,OAAO,MAAM,EAAE,qBAAgB,KAAG,MAKpE,CAAC"}

package/dist/cjs/Utils/security.js

@@ -0,0 +1,56 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.maskSensitiveValue = exports.sanitizeFileExtension = exports.assertSafeFilePath = exports.assertValidJidIdentifier = exports.assertValidSessionId = exports.assertValidIdentifier = void 0;
+const path_1 = __importDefault(require("path"));
+const Error_1 = require("../Error");
+const SAFE_IDENTIFIER_PATTERN = /^[A-Za-z0-9_-]{1,128}$/;
+const SAFE_JID_IDENTIFIER_PATTERN = /^[A-Za-z0-9_@.:-]{1,192}$/;
+const assertValidIdentifier = (value, fieldName) => {
+    if (typeof value !== "string" || !SAFE_IDENTIFIER_PATTERN.test(value)) {
+        throw new Error_1.WhatsappError(`${fieldName} hanya boleh berisi huruf, angka, underscore, atau dash dengan panjang 1-128 karakter`);
+    }
+    return value;
+};
+exports.assertValidIdentifier = assertValidIdentifier;
+const assertValidSessionId = (sessionId) => (0, exports.assertValidIdentifier)(sessionId, "sessionId");
+exports.assertValidSessionId = assertValidSessionId;
+const assertValidJidIdentifier = (value, fieldName) => {
+    if (typeof value !== "string" || !SAFE_JID_IDENTIFIER_PATTERN.test(value)) {
+        throw new Error_1.WhatsappError(`${fieldName} berisi karakter tidak valid atau melebihi 192 karakter`);
+    }
+    return value;
+};
+exports.assertValidJidIdentifier = assertValidJidIdentifier;
+const assertSafeFilePath = (filePath) => {
+    if (typeof filePath !== "string" || filePath.trim().length === 0) {
+        throw new Error_1.WhatsappError("File path is required");
+    }
+    if (filePath.includes("\0")) {
+        throw new Error_1.WhatsappError("File path contains invalid characters");
+    }
+    const normalized = path_1.default.normalize(filePath);
+    const baseName = path_1.default.basename(normalized);
+    if (!baseName || baseName === "." || baseName === "..") {
+        throw new Error_1.WhatsappError("File path must include a valid file name");
+    }
+    return normalized;
+};
+exports.assertSafeFilePath = assertSafeFilePath;
+const sanitizeFileExtension = (extension) => {
+    if (!extension)
+        return "bin";
+    const cleanExtension = extension.replace(/[^A-Za-z0-9]/g, "").slice(0, 16);
+    return cleanExtension || "bin";
+};
+exports.sanitizeFileExtension = sanitizeFileExtension;
+const maskSensitiveValue = (value, visibleChars = 2) => {
+    if (!value)
+        return "";
+    if (value.length <= visibleChars * 2)
+        return "*".repeat(value.length);
+    return `${value.slice(0, visibleChars)}${"*".repeat(value.length - visibleChars * 2)}${value.slice(-visibleChars)}`;
+};
+exports.maskSensitiveValue = maskSensitiveValue;

package/dist/cjs/index.d.ts

@@ -4,5 +4,6 @@ export * from "./Utils";
 export * from "./Types";
 export * from "./Profile";
 export * from "./Error";
+export * from "./Defaults";
 export * as baileys from "baileys";
 //# sourceMappingURL=index.d.ts.map

package/dist/cjs/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,UAAU,CAAC;AACzB,cAAc,aAAa,CAAC;AAC5B,cAAc,SAAS,CAAC;AACxB,cAAc,SAAS,CAAC;AACxB,cAAc,WAAW,CAAC;AAC1B,cAAc,SAAS,CAAC;AAExB,OAAO,KAAK,OAAO,MAAM,SAAS,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,UAAU,CAAC;AACzB,cAAc,aAAa,CAAC;AAC5B,cAAc,SAAS,CAAC;AACxB,cAAc,SAAS,CAAC;AACxB,cAAc,WAAW,CAAC;AAC1B,cAAc,SAAS,CAAC;AACxB,cAAc,YAAY,CAAC;AAE3B,OAAO,KAAK,OAAO,MAAM,SAAS,CAAC"}

package/dist/cjs/index.js

@@ -43,4 +43,5 @@ __exportStar(require("./Utils"), exports);
 __exportStar(require("./Types"), exports);
 __exportStar(require("./Profile"), exports);
 __exportStar(require("./Error"), exports);
+__exportStar(require("./Defaults"), exports);
 exports.baileys = __importStar(require("baileys"));

package/dist/index.d.ts

@@ -4,5 +4,6 @@ export * from "./Utils/index.js";
 export * from "./Types/index.js";
 export * from "./Profile/index.js";
 export * from "./Error/index.js";
+export * from "./Defaults/index.js";
 export * as baileys from "baileys";
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,UAAU,CAAC;AACzB,cAAc,aAAa,CAAC;AAC5B,cAAc,SAAS,CAAC;AACxB,cAAc,SAAS,CAAC;AACxB,cAAc,WAAW,CAAC;AAC1B,cAAc,SAAS,CAAC;AAExB,OAAO,KAAK,OAAO,MAAM,SAAS,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,UAAU,CAAC;AACzB,cAAc,aAAa,CAAC;AAC5B,cAAc,SAAS,CAAC;AACxB,cAAc,SAAS,CAAC;AACxB,cAAc,WAAW,CAAC;AAC1B,cAAc,SAAS,CAAC;AACxB,cAAc,YAAY,CAAC;AAE3B,OAAO,KAAK,OAAO,MAAM,SAAS,CAAC"}

package/dist/index.js

@@ -4,4 +4,5 @@ export * from "./Utils/index.js";
 export * from "./Types/index.js";
 export * from "./Profile/index.js";
 export * from "./Error/index.js";
+export * from "./Defaults/index.js";
 export * as baileys from "baileys";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "wa-multi-mongodb",
-  "version": "3.10.8",
+  "version": "3.11.1",
   "description": "Multi Session Whatsapp Library with MongoDB Integration",
   "main": "dist/cjs/index.js",
   "module": "dist/index.js",
@@ -21,7 +21,9 @@
     "build:esm": "tsc && tsc-esm-fix --source=dist --target=dist",
     "build:cjs": "tsc -p tsconfig.cjs.json",
     "start": "npm run build && node ./dist/index.js",
-    "test": "echo \"Error: no test specified\" && exit 1"
+    "test": "npm run build",
+    "audit:security": "npm audit --audit-level=high || true",
+    "ci": "npm test"
   },
   "author": "wahdalo",
   "license": "ISC",
@@ -31,15 +33,14 @@
     "@types/node-cache": "^4.1.3",
     "@types/qrcode": "^1.5.5",
     "aws4": "^1.13.2",
-    "baileys": "^7.0.0-rc.9",
+    "baileys": "^7.0.0-rc11",
     "dotenv": "^16.5.0",
     "link-preview-js": "^3.0.14",
-    "mime": "^3.0.0",
+    "mime": "^4.1.0",
     "mongodb": "^5.7.0",
     "node-cache": "^5.1.2",
-    "pino": "^9.5.0",
-    "qrcode": "^1.5.4",
-    "qrcode-terminal": "^0.12.0"
+    "pino": "^10.3.1",
+    "qrcode": "^1.5.4"
   },
   "repository": {
     "type": "git",
@@ -54,4 +55,4 @@
     "tslib": "^2.8.1",
     "typescript": "^5.7.2"
   }
-}
+}