wa-multi-mongodb 3.11.0 → 3.11.2

package/dist/Socket/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/Socket/index.ts"],"names":[],"mappings":"AAAA,OAAqB,EAInB,QAAQ,EAGT,MAAM,SAAS,CAAC;AAMjB,OAAO,KAAK,EAEV,eAAe,EACf,cAAc,EACd,kBAAkB,EAEnB,MAAM,UAAU,CAAC;AAqHlB;;;;;GAKG;AACH,eAAO,MAAM,WAAW,GAAU,KAAK,MAAM,kBAkB5C,CAAC;AAEF,wBAAgB,kBAAkB,CAAC,UAAU,EAAE,GAAG,QAEjD;AAkBD,eAAO,MAAM,YAAY,GACvB,kBAAuB,EACvB,UAAS,kBAAsC,KAC9C,OAAO,CAAC,QAAQ,CAmKlB,CAAC;AAEF;;;;;;;;GAQG;AACH,eAAO,MAAM,2BAA2B,GACtC,WAAW,MAAM,EACjB,aAAa,MAAM,EACnB,UAAS,kBAAuB,KAC/B,OAAO,CAAC,QAAQ,CAqNlB,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,aAAa,iCA7Yf,kBAAkB,KAC1B,OAAO,CAAC,QAAQ,CA4YsB,CAAC;AA4C1C,eAAO,MAAM,aAAa,GAAU,WAAW,MAAM,kBAmCpD,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,aAAa,QAAa,OAAO,CAAC,MAAM,EAAE,CAsBtD,CAAC;AAGF,eAAO,MAAM,iBAAiB,QAAO,MAAM,EAAiC,CAAC;AAE7E,eAAO,MAAM,UAAU,GAAI,KAAK,MAAM,KAAG,QAAQ,GAAG,SACrB,CAAC;AAEhC,eAAO,MAAM,oBAAoB,GAAU,8BAIxC;IACD,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,GAAG,CAAC;IACb,GAAG,CAAC,EAAE,GAAG,CAAC;CACX,KAAG,OAAO,CAAC,MAAM,CA4BjB,CAAC;AAoCF;;GAEG;AACH,eAAO,MAAM,uBAAuB,YAMnC,CAAC;AAEF,eAAO,MAAM,iBAAiB,GAAI,UAAU,CAAC,GAAG,EAAE,eAAe,KAAK,GAAG,SAExE,CAAC;AACF,eAAO,MAAM,WAAW,GACtB,UAAU,CAAC,EAAE,SAAS,EAAE,EAAE,EAAE,EAAE;IAAE,SAAS,EAAE,MAAM,CAAC;IAAC,EAAE,EAAE,MAAM,CAAA;CAAE,KAAK,GAAG,SAGxE,CAAC;AACF,eAAO,MAAM,WAAW,GAAI,UAAU,CAAC,SAAS,EAAE,MAAM,KAAK,GAAG,SAE/D,CAAC;AACF,eAAO,MAAM,cAAc,GAAI,UAAU,CAAC,SAAS,EAAE,MAAM,KAAK,GAAG,SAElE,CAAC;AACF,eAAO,MAAM,YAAY,GAAI,UAAU,CAAC,SAAS,EAAE,MAAM,KAAK,GAAG,SAEhE,CAAC;AAEF,eAAO,MAAM,eAAe,GAAI,UAAU,CAAC,IAAI,EAAE,cAAc,KAAK,GAAG,SAEtE,CAAC;AAEF,eAAO,MAAM,aAAa,GACxB,UAAU,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,GAAG,SAInD,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,qBAAqB,qBAcjC,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,eAAe,GAAI,SAAQ,MAAqB,EAAE,iBAAgB,MAAe,SAG7F,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,iBAAiB,GAAI,UAAS,MAAyB,SAGnE,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,SAAS,GAAU,WAAW,MAAM,KAAG,OAAO,CAAC,OAAO,CA2FlE,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,+BAA+B,QAAa,OAAO,CAAC;IAAE,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAA;CAAE,CAiBhG,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,sBAAsB,QAAO,MAAM,EAE/C,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,gBAAgB,GAAI,WAAW,MAAM;;;;;;CAYjD,CAAC;AAGF,eAAO,MAAM,mBAAmB,GAAI,SAAS;IAC3C,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAA;CACrB,SAEA,CAAC;AAGF,eAAO,MAAM,gBAAgB,GAC3B,WAAW,MAAM,EACjB,KAAK,MAAM,EACX,aAAY,OAAe,KAC1B,OAAO,CAAC,GAAG,CA4Bb,CAAC;AAGF,eAAO,MAAM,uBAAuB,GAAU,WAAW,MAAM,EAAE,KAAK,MAAM,kBAE3E,CAAC;AAGF,eAAO,MAAM,8BAA8B,GAAU,WAAW,MAAM,kBAErE,CAAC;AAGF,eAAO,MAAM,0BAA0B,YAEtC,CAAC;AAMF;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,OAAO,CAAC;IACjB,GAAG,EAAE,MAAM,CAAC;IACZ,EAAE,EAAE,MAAM,GAAG,IAAI,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,OAAO,CAAC;IACjB,EAAE,EAAE,MAAM,CAAC;IACX,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,GAAG,EAAE,MAAM,CAAC;IACZ,EAAE,EAAE,MAAM,CAAC;CACZ;AAED;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,eAAO,MAAM,WAAW,GAAU,WAAW,MAAM,EAAE,KAAK,MAAM,KAAG,OAAO,CAAC,mBAAmB,CA8C7F,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,eAAO,MAAM,WAAW,GAAU,WAAW,MAAM,EAAE,IAAI,MAAM,KAAG,OAAO,CAAC,kBAAkB,CAgD3F,CAAC;AAEF;;;;;;;;;;;;;;;;;;GAkBG;AACH,eAAO,MAAM,iBAAiB,GAAU,WAAW,MAAM,KAAG,OAAO,CAAC,eAAe,EAAE,CA6CpF,CAAC;AAEF;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,WAAW,GAAI,KAAK,MAAM,KAAG,OAEzC,CAAC;AAEF;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,UAAU,GAAI,KAAK,MAAM,KAAG,OAExC,CAAC;AAEF;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,aAAa,GAAU,WAAW,MAAM,EAAE,KAAK,MAAM,KAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAoCzF,CAAC;AAEF;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,KAAK,GAAU,WAAW,MAAM,EAAE,KAAK,MAAM,KAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAkBjF,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/Socket/index.ts"],"names":[],"mappings":"AAAA,OAAqB,EAInB,QAAQ,EAGT,MAAM,SAAS,CAAC;AAMjB,OAAO,KAAK,EAEV,eAAe,EACf,cAAc,EACd,kBAAkB,EAEnB,MAAM,UAAU,CAAC;AAsHlB;;;;;GAKG;AACH,eAAO,MAAM,WAAW,GAAU,KAAK,MAAM,kBAkB5C,CAAC;AAEF,wBAAgB,kBAAkB,CAAC,UAAU,EAAE,GAAG,QAEjD;AAkBD,eAAO,MAAM,YAAY,GACvB,kBAAuB,EACvB,UAAS,kBAAsC,KAC9C,OAAO,CAAC,QAAQ,CAqKlB,CAAC;AAEF;;;;;;;;GAQG;AACH,eAAO,MAAM,2BAA2B,GACtC,WAAW,MAAM,EACjB,aAAa,MAAM,EACnB,UAAS,kBAAuB,KAC/B,OAAO,CAAC,QAAQ,CAuNlB,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,aAAa,iCAjZf,kBAAkB,KAC1B,OAAO,CAAC,QAAQ,CAgZsB,CAAC;AA6C1C,eAAO,MAAM,aAAa,GAAU,WAAW,MAAM,kBAoCpD,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,aAAa,QAAa,OAAO,CAAC,MAAM,EAAE,CAsBtD,CAAC;AAGF,eAAO,MAAM,iBAAiB,QAAO,MAAM,EAAiC,CAAC;AAE7E,eAAO,MAAM,UAAU,GAAI,KAAK,MAAM,KAAG,QAAQ,GAAG,SACC,CAAC;AAEtD,eAAO,MAAM,oBAAoB,GAAU,8BAIxC;IACD,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,GAAG,CAAC;IACb,GAAG,CAAC,EAAE,GAAG,CAAC;CACX,KAAG,OAAO,CAAC,MAAM,CA4BjB,CAAC;AAsCF;;GAEG;AACH,eAAO,MAAM,uBAAuB,YAMnC,CAAC;AAEF,eAAO,MAAM,iBAAiB,GAAI,UAAU,CAAC,GAAG,EAAE,eAAe,KAAK,GAAG,SAExE,CAAC;AACF,eAAO,MAAM,WAAW,GACtB,UAAU,CAAC,EAAE,SAAS,EAAE,EAAE,EAAE,EAAE;IAAE,SAAS,EAAE,MAAM,CAAC;IAAC,EAAE,EAAE,MAAM,CAAA;CAAE,KAAK,GAAG,SAGxE,CAAC;AACF,eAAO,MAAM,WAAW,GAAI,UAAU,CAAC,SAAS,EAAE,MAAM,KAAK,GAAG,SAE/D,CAAC;AACF,eAAO,MAAM,cAAc,GAAI,UAAU,CAAC,SAAS,EAAE,MAAM,KAAK,GAAG,SAElE,CAAC;AACF,eAAO,MAAM,YAAY,GAAI,UAAU,CAAC,SAAS,EAAE,MAAM,KAAK,GAAG,SAEhE,CAAC;AAEF,eAAO,MAAM,eAAe,GAAI,UAAU,CAAC,IAAI,EAAE,cAAc,KAAK,GAAG,SAEtE,CAAC;AAEF,eAAO,MAAM,aAAa,GACxB,UAAU,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,GAAG,SAInD,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,qBAAqB,qBAcjC,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,eAAe,GAAI,SAAQ,MAAqB,EAAE,iBAAgB,MAAe,SAG7F,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,iBAAiB,GAAI,UAAS,MAAyB,SAGnE,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,SAAS,GAAU,WAAW,MAAM,KAAG,OAAO,CAAC,OAAO,CA4FlE,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,+BAA+B,QAAa,OAAO,CAAC;IAAE,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAA;CAAE,CAiBhG,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,sBAAsB,QAAO,MAAM,EAE/C,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,gBAAgB,GAAI,WAAW,MAAM;;;;;;CAajD,CAAC;AAGF,eAAO,MAAM,mBAAmB,GAAI,SAAS;IAC3C,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAA;CACrB,SAEA,CAAC;AAGF,eAAO,MAAM,gBAAgB,GAC3B,WAAW,MAAM,EACjB,KAAK,MAAM,EACX,aAAY,OAAe,KAC1B,OAAO,CAAC,GAAG,CA8Bb,CAAC;AAGF,eAAO,MAAM,uBAAuB,GAAU,WAAW,MAAM,EAAE,KAAK,MAAM,kBAI3E,CAAC;AAGF,eAAO,MAAM,8BAA8B,GAAU,WAAW,MAAM,kBAGrE,CAAC;AAGF,eAAO,MAAM,0BAA0B,YAEtC,CAAC;AAMF;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,OAAO,CAAC;IACjB,GAAG,EAAE,MAAM,CAAC;IACZ,EAAE,EAAE,MAAM,GAAG,IAAI,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,OAAO,CAAC;IACjB,EAAE,EAAE,MAAM,CAAC;IACX,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,GAAG,EAAE,MAAM,CAAC;IACZ,EAAE,EAAE,MAAM,CAAC;CACZ;AAED;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,eAAO,MAAM,WAAW,GAAU,WAAW,MAAM,EAAE,KAAK,MAAM,KAAG,OAAO,CAAC,mBAAmB,CAgD7F,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,eAAO,MAAM,WAAW,GAAU,WAAW,MAAM,EAAE,IAAI,MAAM,KAAG,OAAO,CAAC,kBAAkB,CAiD3F,CAAC;AAEF;;;;;;;;;;;;;;;;;;GAkBG;AACH,eAAO,MAAM,iBAAiB,GAAU,WAAW,MAAM,KAAG,OAAO,CAAC,eAAe,EAAE,CA8CpF,CAAC;AAEF;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,WAAW,GAAI,KAAK,MAAM,KAAG,OAEzC,CAAC;AAEF;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,UAAU,GAAI,KAAK,MAAM,KAAG,OAExC,CAAC;AAEF;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,aAAa,GAAU,WAAW,MAAM,EAAE,KAAK,MAAM,KAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAqCzF,CAAC;AAEF;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,KAAK,GAAU,WAAW,MAAM,EAAE,KAAK,MAAM,KAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAmBjF,CAAC"}

package/dist/Socket/index.js

@@ -20,6 +20,7 @@ import { parseMessageStatusCodeToReadable } from "../Utils/message-status.js";
 import { MongoClient } from "mongodb";
 import { useMongoAuthState } from "../Utils/mongo-auth-state.js";
 import { createDelay } from "../Utils/create-delay.js";
+import { assertValidJidIdentifier, assertValidSessionId, maskSensitiveValue } from "../Utils/security.js";
 const sessions = new Map();
 /**
  * Valid PlatformType values that WhatsApp recognizes
@@ -143,6 +144,7 @@ function initMongo() {
     });
 }
 export const startSession = (...args_1) => __awaiter(void 0, [...args_1], void 0, function* (sessionId = "mysession", options = { printQR: true }) {
+    sessionId = assertValidSessionId(sessionId);
     if (isSessionExistAndRunning(sessionId))
         throw new WhatsappError(Messages.sessionAlreadyExist(sessionId));
     yield initMongo();
@@ -310,6 +312,7 @@ export const startSession = (...args_1) => __awaiter(void 0, [...args_1], void 0
  * @returns Promise<WASocket> The WhatsApp socket instance
  */
 export const startSessionWithPairingCode = (sessionId_1, phoneNumber_1, ...args_1) => __awaiter(void 0, [sessionId_1, phoneNumber_1, ...args_1], void 0, function* (sessionId, phoneNumber, options = {}) {
+    sessionId = assertValidSessionId(sessionId);
     if (isSessionExistAndRunning(sessionId))
         throw new WhatsappError(Messages.sessionAlreadyExist(sessionId));
     // Simpan informasi session pairing code untuk auto-reconnect
@@ -353,7 +356,7 @@ export const startSessionWithPairingCode = (sessionId_1, phoneNumber_1, ...args_
                     const code = yield sock.requestPairingCode(phoneNumberFormatted);
                     // Pastikan kode ada dan merupakan string
                     if (code && typeof code === 'string') {
-                        console.log(`Pairing code untuk session ${sessionId}: ${code}`);
+                        console.log(`Pairing code untuk session ${sessionId}: ${maskSensitiveValue(code)}`);
                         // Panggil callback yang terdaftar
                         (_a = callback.get(CALLBACK_KEY.ON_PAIRING_CODE)) === null || _a === void 0 ? void 0 : _a(sessionId, code);
                         (_b = options.onPairingCode) === null || _b === void 0 ? void 0 : _b.call(options, code);
@@ -522,6 +525,7 @@ export const startWhatsapp = startSession;
  * @param sessionId Session ID to soft delete
  */
 const softDeleteSession = (sessionId_1, ...args_1) => __awaiter(void 0, [sessionId_1, ...args_1], void 0, function* (sessionId, preserveData = false) {
+    sessionId = assertValidSessionId(sessionId);
     const session = getSession(sessionId);
     try {
         yield (session === null || session === void 0 ? void 0 : session.logout());
@@ -557,6 +561,7 @@ const softDeleteSession = (sessionId_1, ...args_1) => __awaiter(void 0, [session
     }
 });
 export const deleteSession = (sessionId) => __awaiter(void 0, void 0, void 0, function* () {
+    sessionId = assertValidSessionId(sessionId);
     const session = getSession(sessionId);
     try {
         yield (session === null || session === void 0 ? void 0 : session.logout());
@@ -615,7 +620,7 @@ export const getAllSession = () => __awaiter(void 0, void 0, void 0, function* (
 });
 // Untuk backward compatibility
 export const getAllSessionSync = () => Array.from(sessions.keys());
-export const getSession = (key) => sessions.get(key);
+export const getSession = (key) => sessions.get(assertValidSessionId(key));
 export const downloadMediaMessage = (_a) => __awaiter(void 0, [_a], void 0, function* ({ sessionId, message, key, }) {
     const session = getSession(sessionId);
     if (!session) {
@@ -636,6 +641,7 @@ export const downloadMediaMessage = (_a) => __awaiter(void 0, [_a], void 0, func
     }
 });
 const isSessionExistAndRunning = (sessionId) => {
+    sessionId = assertValidSessionId(sessionId);
     // Cek jika session sudah berjalan di memory
     if (getSession(sessionId)) {
         return true;
@@ -648,6 +654,7 @@ const isSessionExistAndRunning = (sessionId) => {
  * @returns Boolean indicating if session should be loaded
  */
 const shouldLoadSession = (sessionId) => __awaiter(void 0, void 0, void 0, function* () {
+    sessionId = assertValidSessionId(sessionId);
     // Jika session sudah berjalan di memory, tidak perlu load lagi
     if (getSession(sessionId)) {
         return false;
@@ -745,6 +752,7 @@ export const setCredentialsDir = (dirname = "wa_credentials") => {
  */
 export const reconnect = (sessionId) => __awaiter(void 0, void 0, void 0, function* () {
     try {
+        sessionId = assertValidSessionId(sessionId);
         // Cek jika session masih ada di memory
         const existingSession = sessions.get(sessionId);
         // Hapus session terlebih dahulu untuk menghindari konflik
@@ -861,6 +869,7 @@ export const getPairingCodeSessions = () => {
  * @returns Object with session status information
  */
 export const getSessionStatus = (sessionId) => {
+    sessionId = assertValidSessionId(sessionId);
     const isRunning = !!getSession(sessionId);
     const isPairingCodeSession = pairingCodeSessions.has(sessionId);
     const retryAttempts = retryCount.get(sessionId) || 0;
@@ -878,6 +887,8 @@ export const setGroupCacheConfig = (options) => {
 };
 // Fungsi baru untuk mendapatkan atau memuat data grup dengan multi-session support
 export const getGroupMetadata = (sessionId_1, jid_1, ...args_1) => __awaiter(void 0, [sessionId_1, jid_1, ...args_1], void 0, function* (sessionId, jid, forceFetch = false) {
+    sessionId = assertValidSessionId(sessionId);
+    jid = assertValidJidIdentifier(jid, "jid");
     // Get the session socket
     const sock = getSession(sessionId);
     if (!sock) {
@@ -906,10 +917,13 @@ export const getGroupMetadata = (sessionId_1, jid_1, ...args_1) => __awaiter(voi
 });
 // Fungsi baru untuk menghapus cache grup tertentu
 export const clearGroupMetadataCache = (sessionId, jid) => __awaiter(void 0, void 0, void 0, function* () {
+    sessionId = assertValidSessionId(sessionId);
+    jid = assertValidJidIdentifier(jid, "jid");
     yield groupCache.delete(sessionId, jid);
 });
 // Fungsi untuk membersihkan seluruh cache grup untuk session tertentu
 export const clearSessionGroupMetadataCache = (sessionId) => __awaiter(void 0, void 0, void 0, function* () {
+    sessionId = assertValidSessionId(sessionId);
     yield groupCache.clearSessionCache(sessionId);
 });
 // Fungsi untuk membersihkan seluruh cache grup untuk semua session
@@ -941,6 +955,8 @@ export const clearAllGroupMetadataCache = () => {
  */
 export const getPNForLID = (sessionId, lid) => __awaiter(void 0, void 0, void 0, function* () {
     var _a, _b;
+    sessionId = assertValidSessionId(sessionId);
+    lid = assertValidJidIdentifier(lid, "lid");
     const session = getSession(sessionId);
     if (!session) {
         return {
@@ -1008,6 +1024,7 @@ export const getPNForLID = (sessionId, lid) => __awaiter(void 0, void 0, void 0,
  */
 export const getLIDForPN = (sessionId, pn) => __awaiter(void 0, void 0, void 0, function* () {
     var _a, _b;
+    sessionId = assertValidSessionId(sessionId);
     const session = getSession(sessionId);
     if (!session) {
         return {
@@ -1073,6 +1090,7 @@ export const getLIDForPN = (sessionId, pn) => __awaiter(void 0, void 0, void 0,
  * @note This may return an empty array if no mappings are available yet.
  */
 export const getAllLIDMappings = (sessionId) => __awaiter(void 0, void 0, void 0, function* () {
+    sessionId = assertValidSessionId(sessionId);
     const session = getSession(sessionId);
     if (!session) {
         throw new WhatsappError(Messages.sessionNotFound(sessionId));
@@ -1164,6 +1182,7 @@ export const isPNFormat = (jid) => {
  * ```
  */
 export const toPhoneNumber = (sessionId, jid) => __awaiter(void 0, void 0, void 0, function* () {
+    sessionId = assertValidSessionId(sessionId);
     // Handle null/undefined input
     if (!jid) {
         return null;
@@ -1214,6 +1233,7 @@ export const toPhoneNumber = (sessionId, jid) => __awaiter(void 0, void 0, void
  * ```
  */
 export const toLID = (sessionId, jid) => __awaiter(void 0, void 0, void 0, function* () {
+    sessionId = assertValidSessionId(sessionId);
     // If already in LID format, return as-is
     if (isLIDFormat(jid)) {
         return jid;

package/dist/Utils/group-cache.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"group-cache.d.ts","sourceRoot":"","sources":["../../src/Utils/group-cache.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAKxC,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAqB;IAC5C,OAAO,CAAC,KAAK,CAAY;IACzB,OAAO,CAAC,WAAW,CAA4B;IAC/C,OAAO,CAAC,eAAe,CAAa;IACpC,OAAO,CAAC,QAAQ,CAAuB;IAGvC,OAAO;WAUO,WAAW,IAAI,kBAAkB;IAQlC,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAuBpD,OAAO,CAAC,cAAc;IAKT,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;IAoCtE,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC;IA4B/E,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAqBzD,iBAAiB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAkBzD,SAAS,CAAC,OAAO,EAAE;QAAE,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,WAAW,CAAC,EAAE,MAAM,CAAA;KAAE;IAU5D,KAAK,IAAI,IAAI;CAGrB;AAGD,eAAO,MAAM,UAAU,oBAAmC,CAAC"}
+{"version":3,"file":"group-cache.d.ts","sourceRoot":"","sources":["../../src/Utils/group-cache.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAMxC,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAqB;IAC5C,OAAO,CAAC,KAAK,CAAY;IACzB,OAAO,CAAC,WAAW,CAA4B;IAC/C,OAAO,CAAC,eAAe,CAAa;IACpC,OAAO,CAAC,QAAQ,CAAuB;IAGvC,OAAO;WAUO,WAAW,IAAI,kBAAkB;IAQlC,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAuBpD,OAAO,CAAC,cAAc;IAKT,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;IAsCtE,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC;IA8B/E,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAuBzD,iBAAiB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAmBzD,SAAS,CAAC,OAAO,EAAE;QAAE,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,WAAW,CAAC,EAAE,MAAM,CAAA;KAAE;IAU5D,KAAK,IAAI,IAAI;CAGrB;AAGD,eAAO,MAAM,UAAU,oBAAmC,CAAC"}

package/dist/Utils/group-cache.js

@@ -10,6 +10,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
 import NodeCache from "node-cache";
 import { MongoClient } from "mongodb";
 import { CREDENTIALS } from "../Defaults/index.js";
+import { assertValidJidIdentifier, assertValidSessionId } from "./security.js";
 // Class untuk mengelola cache group metadata dengan pendekatan hybrid (NodeCache + MongoDB)
 export class GroupMetadataCache {
     // Konstruktor private untuk singleton pattern
@@ -58,8 +59,10 @@ export class GroupMetadataCache {
     // Mendapatkan metadata grup dari cache atau MongoDB
     get(sessionId, groupId) {
         return __awaiter(this, void 0, void 0, function* () {
+            const safeSessionId = assertValidSessionId(sessionId);
+            const safeGroupId = assertValidJidIdentifier(groupId, "groupId");
             // Buat kunci cache dengan kombinasi sessionId dan groupId
-            const cacheKey = this.createCacheKey(sessionId, groupId);
+            const cacheKey = this.createCacheKey(safeSessionId, safeGroupId);
             // Coba ambil dari cache memory dulu
             const cachedData = this.cache.get(cacheKey);
             if (cachedData) {
@@ -69,8 +72,8 @@ export class GroupMetadataCache {
             if (this.mongoCollection) {
                 try {
                     const data = yield this.mongoCollection.findOne({
-                        id: groupId,
-                        sessionId: sessionId
+                        id: safeGroupId,
+                        sessionId: safeSessionId
                     });
                     if (data) {
                         // Hapus _id dari MongoDB yang tidak diperlukan
@@ -91,18 +94,20 @@ export class GroupMetadataCache {
     // Menyimpan metadata grup ke cache dan MongoDB
     set(sessionId, groupId, metadata) {
         return __awaiter(this, void 0, void 0, function* () {
+            const safeSessionId = assertValidSessionId(sessionId);
+            const safeGroupId = assertValidJidIdentifier(groupId, "groupId");
             // Buat kunci cache dengan kombinasi sessionId dan groupId
-            const cacheKey = this.createCacheKey(sessionId, groupId);
+            const cacheKey = this.createCacheKey(safeSessionId, safeGroupId);
             // Simpan ke cache memory
             this.cache.set(cacheKey, metadata);
             // Jika MongoDB tersedia, simpan juga ke MongoDB
             if (this.mongoCollection) {
                 try {
                     // Tambahkan sessionId ke data yang disimpan
-                    const dataToStore = Object.assign(Object.assign({}, metadata), { sessionId });
+                    const dataToStore = Object.assign(Object.assign({}, metadata), { sessionId: safeSessionId });
                     yield this.mongoCollection.updateOne({
-                        id: groupId,
-                        sessionId: sessionId
+                        id: safeGroupId,
+                        sessionId: safeSessionId
                     }, { $set: dataToStore }, { upsert: true });
                 }
                 catch (error) {
@@ -114,16 +119,18 @@ export class GroupMetadataCache {
     // Menghapus metadata grup dari cache dan MongoDB
     delete(sessionId, groupId) {
         return __awaiter(this, void 0, void 0, function* () {
+            const safeSessionId = assertValidSessionId(sessionId);
+            const safeGroupId = assertValidJidIdentifier(groupId, "groupId");
             // Buat kunci cache dengan kombinasi sessionId dan groupId
-            const cacheKey = this.createCacheKey(sessionId, groupId);
+            const cacheKey = this.createCacheKey(safeSessionId, safeGroupId);
             // Hapus dari cache memory
             this.cache.del(cacheKey);
             // Jika MongoDB tersedia, hapus juga dari MongoDB
             if (this.mongoCollection) {
                 try {
                     yield this.mongoCollection.deleteOne({
-                        id: groupId,
-                        sessionId: sessionId
+                        id: safeGroupId,
+                        sessionId: safeSessionId
                     });
                 }
                 catch (error) {
@@ -135,10 +142,11 @@ export class GroupMetadataCache {
     // Menghapus semua cache untuk session tertentu
     clearSessionCache(sessionId) {
         return __awaiter(this, void 0, void 0, function* () {
+            const safeSessionId = assertValidSessionId(sessionId);
             // Hapus dari MongoDB
             if (this.mongoCollection) {
                 try {
-                    yield this.mongoCollection.deleteMany({ sessionId: sessionId });
+                    yield this.mongoCollection.deleteMany({ sessionId: safeSessionId });
                 }
                 catch (error) {
                     console.error(`Error clearing session ${sessionId} cache from MongoDB:`, error);
@@ -147,7 +155,7 @@ export class GroupMetadataCache {
             // Hapus dari memory cache
             // Karena NodeCache tidak mendukung wildcard delete, kita harus mendapatkan semua kunci dulu
             const allKeys = this.cache.keys();
-            const sessionKeys = allKeys.filter(key => key.startsWith(`${sessionId}:`));
+            const sessionKeys = allKeys.filter(key => key.startsWith(`${safeSessionId}:`));
             sessionKeys.forEach(key => this.cache.del(key));
         });
     }

package/dist/Utils/index.d.ts

@@ -3,4 +3,5 @@ export * from "./is-exist.js";
 export * from "./create-delay.js";
 export * from "./group-cache.js";
 export * from "./lid-utils.js";
+export * from "./security.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/Utils/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/Utils/index.ts"],"names":[],"mappings":"AAAA,cAAc,gBAAgB,CAAC;AAC/B,cAAc,YAAY,CAAC;AAC3B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,eAAe,CAAC;AAC9B,cAAc,aAAa,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/Utils/index.ts"],"names":[],"mappings":"AAAA,cAAc,gBAAgB,CAAC;AAC/B,cAAc,YAAY,CAAC;AAC3B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,eAAe,CAAC;AAC9B,cAAc,aAAa,CAAC;AAC5B,cAAc,YAAY,CAAC"}

package/dist/Utils/index.js

@@ -3,5 +3,6 @@ export * from "./is-exist.js";
 export * from "./create-delay.js";
 export * from "./group-cache.js";
 export * from "./lid-utils.js";
+export * from "./security.js";
 // Note: setCredentialsDir & setMongoDBNames have been moved to src/Socket/index.ts
 // Please import them directly from there instead

package/dist/Utils/mongo-auth-state.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"mongo-auth-state.d.ts","sourceRoot":"","sources":["../../src/Utils/mongo-auth-state.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,iBAAiB,EAAuB,MAAM,SAAS,CAAC;AACtE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAuC1C,wBAAsB,iBAAiB,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,UAAU;;;;kBAgC7D,CAAC,SAAS,MAAM,iBAAiB,QAAQ,CAAC,OAAO,MAAM,EAAE;;;2BAWhD,GAAG;;;;GAqB/B"}
+{"version":3,"file":"mongo-auth-state.d.ts","sourceRoot":"","sources":["../../src/Utils/mongo-auth-state.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,iBAAiB,EAAuB,MAAM,SAAS,CAAC;AACtE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAwC1C,wBAAsB,iBAAiB,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,UAAU;;;;kBAkC7D,CAAC,SAAS,MAAM,iBAAiB,QAAQ,CAAC,OAAO,MAAM,EAAE;;;2BAWhD,GAAG;;;;GAqB/B"}

package/dist/Utils/mongo-auth-state.js

@@ -10,6 +10,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
 import { proto } from "baileys/WAProto/index.js";
 import { Curve, signedKeyPair } from "baileys/lib/Utils/crypto.js";
 import { generateRegistrationId } from "baileys/lib/Utils/generics.js";
+import { assertValidSessionId } from "./security.js";
 const BufferJSON = {
     replacer: (_, value) => {
         if (Buffer.isBuffer(value) || value instanceof Uint8Array || (value === null || value === void 0 ? void 0 : value.type) === "Buffer") {
@@ -47,17 +48,18 @@ const initAuthCreds = () => {
 };
 export function useMongoAuthState(sessionId, collection) {
     return __awaiter(this, void 0, void 0, function* () {
+        const safeSessionId = assertValidSessionId(sessionId);
         const readState = () => __awaiter(this, void 0, void 0, function* () {
-            const doc = yield collection.findOne({ sessionId });
+            const doc = yield collection.findOne({ sessionId: safeSessionId });
             return (doc === null || doc === void 0 ? void 0 : doc.state)
                 ? JSON.parse(JSON.stringify(doc.state), BufferJSON.reviver)
                 : null;
         });
         const writeState = (state) => __awaiter(this, void 0, void 0, function* () {
-            yield collection.updateOne({ sessionId }, { $set: { state: JSON.parse(JSON.stringify(state, BufferJSON.replacer)) } }, { upsert: true });
+            yield collection.updateOne({ sessionId: safeSessionId }, { $set: { state: JSON.parse(JSON.stringify(state, BufferJSON.replacer)) } }, { upsert: true });
         });
         const removeKey = (key) => __awaiter(this, void 0, void 0, function* () {
-            yield collection.updateOne({ sessionId }, { $unset: { [`state.keys.${key}`]: "" } });
+            yield collection.updateOne({ sessionId: safeSessionId }, { $unset: { [`state.keys.${key}`]: "" } });
         });
         const savedState = (yield readState()) || {};
         const creds = savedState.creds || initAuthCreds();

package/dist/Utils/save-media.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"save-media.d.ts","sourceRoot":"","sources":["../../src/Utils/save-media.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAQ3C,eAAO,MAAM,gBAAgB,GAAU,KAAK,eAAe,EAAE,MAAM,MAAM,kBAOxE,CAAC;AACF,eAAO,MAAM,gBAAgB,GAAU,KAAK,eAAe,EAAE,MAAM,MAAM,kBAOxE,CAAC;AAEF,eAAO,MAAM,mBAAmB,GAC9B,KAAK,eAAe,EACpB,MAAM,MAAM,kBAUb,CAAC;AAEF,eAAO,MAAM,gBAAgB,GAAU,KAAK,eAAe,EAAE,MAAM,MAAM,kBAOxE,CAAC"}
+{"version":3,"file":"save-media.d.ts","sourceRoot":"","sources":["../../src/Utils/save-media.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAU3C,eAAO,MAAM,gBAAgB,GAAU,KAAK,eAAe,EAAE,MAAM,MAAM,kBAOxE,CAAC;AACF,eAAO,MAAM,gBAAgB,GAAU,KAAK,eAAe,EAAE,MAAM,MAAM,kBAOxE,CAAC;AAEF,eAAO,MAAM,mBAAmB,GAC9B,KAAK,eAAe,EACpB,MAAM,MAAM,kBAUb,CAAC;AAEF,eAAO,MAAM,gBAAgB,GAAU,KAAK,eAAe,EAAE,MAAM,MAAM,kBAOxE,CAAC"}

package/dist/Utils/save-media.js

@@ -10,8 +10,10 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
 import { downloadMediaMessage } from "baileys";
 import ValidationError from "./error.js";
 import fs from "fs/promises";
-const saveMedia = (path, data) => __awaiter(void 0, void 0, void 0, function* () {
-    yield fs.writeFile(path, data.toString("base64"), "base64");
+import { assertSafeFilePath, sanitizeFileExtension } from "./security.js";
+const saveMedia = (filePath, data) => __awaiter(void 0, void 0, void 0, function* () {
+    const safePath = assertSafeFilePath(filePath);
+    yield fs.writeFile(safePath, data.toString("base64"), "base64");
 });
 export const saveImageHandler = (msg, path) => __awaiter(void 0, void 0, void 0, function* () {
     var _a;
@@ -32,8 +34,8 @@ export const saveDocumentHandler = (msg, path) => __awaiter(void 0, void 0, void
     if (!((_a = msg.message) === null || _a === void 0 ? void 0 : _a.documentMessage))
         throw new ValidationError("Message is not contain Document");
     const buf = yield downloadMediaMessage(msg, "buffer", {});
-    const ext = (_b = msg.message.documentMessage.fileName) === null || _b === void 0 ? void 0 : _b.split(".").pop();
-    path += "." + ext;
+    const ext = sanitizeFileExtension((_b = msg.message.documentMessage.fileName) === null || _b === void 0 ? void 0 : _b.split(".").pop());
+    path = `${assertSafeFilePath(path)}.${ext}`;
     return saveMedia(path, buf);
 });
 export const saveAudioHandler = (msg, path) => __awaiter(void 0, void 0, void 0, function* () {

package/dist/Utils/security.d.ts

@@ -0,0 +1,7 @@
+export declare const assertValidIdentifier: (value: string, fieldName: string) => string;
+export declare const assertValidSessionId: (sessionId: string) => string;
+export declare const assertValidJidIdentifier: (value: string, fieldName: string) => string;
+export declare const assertSafeFilePath: (filePath: string) => string;
+export declare const sanitizeFileExtension: (extension?: string) => string;
+export declare const maskSensitiveValue: (value: string, visibleChars?: number) => string;
+//# sourceMappingURL=security.d.ts.map

package/dist/Utils/security.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"security.d.ts","sourceRoot":"","sources":["../../src/Utils/security.ts"],"names":[],"mappings":"AAMA,eAAO,MAAM,qBAAqB,GAAI,OAAO,MAAM,EAAE,WAAW,MAAM,KAAG,MAQxE,CAAC;AAEF,eAAO,MAAM,oBAAoB,GAAI,WAAW,MAAM,KAAG,MACV,CAAC;AAEhD,eAAO,MAAM,wBAAwB,GAAI,OAAO,MAAM,EAAE,WAAW,MAAM,KAAG,MAQ3E,CAAC;AAEF,eAAO,MAAM,kBAAkB,GAAI,UAAU,MAAM,KAAG,MAiBrD,CAAC;AAEF,eAAO,MAAM,qBAAqB,GAAI,YAAY,MAAM,KAAG,MAK1D,CAAC;AAEF,eAAO,MAAM,kBAAkB,GAAI,OAAO,MAAM,EAAE,qBAAgB,KAAG,MAKpE,CAAC"}

package/dist/Utils/security.js

@@ -0,0 +1,44 @@
+import path from "path";
+import { WhatsappError } from "../Error/index.js";
+const SAFE_IDENTIFIER_PATTERN = /^[A-Za-z0-9_-]{1,128}$/;
+const SAFE_JID_IDENTIFIER_PATTERN = /^[A-Za-z0-9_@.:-]{1,192}$/;
+export const assertValidIdentifier = (value, fieldName) => {
+    if (typeof value !== "string" || !SAFE_IDENTIFIER_PATTERN.test(value)) {
+        throw new WhatsappError(`${fieldName} hanya boleh berisi huruf, angka, underscore, atau dash dengan panjang 1-128 karakter`);
+    }
+    return value;
+};
+export const assertValidSessionId = (sessionId) => assertValidIdentifier(sessionId, "sessionId");
+export const assertValidJidIdentifier = (value, fieldName) => {
+    if (typeof value !== "string" || !SAFE_JID_IDENTIFIER_PATTERN.test(value)) {
+        throw new WhatsappError(`${fieldName} berisi karakter tidak valid atau melebihi 192 karakter`);
+    }
+    return value;
+};
+export const assertSafeFilePath = (filePath) => {
+    if (typeof filePath !== "string" || filePath.trim().length === 0) {
+        throw new WhatsappError("File path is required");
+    }
+    if (filePath.includes("\0")) {
+        throw new WhatsappError("File path contains invalid characters");
+    }
+    const normalized = path.normalize(filePath);
+    const baseName = path.basename(normalized);
+    if (!baseName || baseName === "." || baseName === "..") {
+        throw new WhatsappError("File path must include a valid file name");
+    }
+    return normalized;
+};
+export const sanitizeFileExtension = (extension) => {
+    if (!extension)
+        return "bin";
+    const cleanExtension = extension.replace(/[^A-Za-z0-9]/g, "").slice(0, 16);
+    return cleanExtension || "bin";
+};
+export const maskSensitiveValue = (value, visibleChars = 2) => {
+    if (!value)
+        return "";
+    if (value.length <= visibleChars * 2)
+        return "*".repeat(value.length);
+    return `${value.slice(0, visibleChars)}${"*".repeat(value.length - visibleChars * 2)}${value.slice(-visibleChars)}`;
+};

package/dist/cjs/Socket/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/Socket/index.ts"],"names":[],"mappings":"AAAA,OAAqB,EAInB,QAAQ,EAGT,MAAM,SAAS,CAAC;AAMjB,OAAO,KAAK,EAEV,eAAe,EACf,cAAc,EACd,kBAAkB,EAEnB,MAAM,UAAU,CAAC;AAqHlB;;;;;GAKG;AACH,eAAO,MAAM,WAAW,GAAU,KAAK,MAAM,kBAkB5C,CAAC;AAEF,wBAAgB,kBAAkB,CAAC,UAAU,EAAE,GAAG,QAEjD;AAkBD,eAAO,MAAM,YAAY,GACvB,kBAAuB,EACvB,UAAS,kBAAsC,KAC9C,OAAO,CAAC,QAAQ,CAmKlB,CAAC;AAEF;;;;;;;;GAQG;AACH,eAAO,MAAM,2BAA2B,GACtC,WAAW,MAAM,EACjB,aAAa,MAAM,EACnB,UAAS,kBAAuB,KAC/B,OAAO,CAAC,QAAQ,CAqNlB,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,aAAa,iCA7Yf,kBAAkB,KAC1B,OAAO,CAAC,QAAQ,CA4YsB,CAAC;AA4C1C,eAAO,MAAM,aAAa,GAAU,WAAW,MAAM,kBAmCpD,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,aAAa,QAAa,OAAO,CAAC,MAAM,EAAE,CAsBtD,CAAC;AAGF,eAAO,MAAM,iBAAiB,QAAO,MAAM,EAAiC,CAAC;AAE7E,eAAO,MAAM,UAAU,GAAI,KAAK,MAAM,KAAG,QAAQ,GAAG,SACrB,CAAC;AAEhC,eAAO,MAAM,oBAAoB,GAAU,8BAIxC;IACD,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,GAAG,CAAC;IACb,GAAG,CAAC,EAAE,GAAG,CAAC;CACX,KAAG,OAAO,CAAC,MAAM,CA4BjB,CAAC;AAoCF;;GAEG;AACH,eAAO,MAAM,uBAAuB,YAMnC,CAAC;AAEF,eAAO,MAAM,iBAAiB,GAAI,UAAU,CAAC,GAAG,EAAE,eAAe,KAAK,GAAG,SAExE,CAAC;AACF,eAAO,MAAM,WAAW,GACtB,UAAU,CAAC,EAAE,SAAS,EAAE,EAAE,EAAE,EAAE;IAAE,SAAS,EAAE,MAAM,CAAC;IAAC,EAAE,EAAE,MAAM,CAAA;CAAE,KAAK,GAAG,SAGxE,CAAC;AACF,eAAO,MAAM,WAAW,GAAI,UAAU,CAAC,SAAS,EAAE,MAAM,KAAK,GAAG,SAE/D,CAAC;AACF,eAAO,MAAM,cAAc,GAAI,UAAU,CAAC,SAAS,EAAE,MAAM,KAAK,GAAG,SAElE,CAAC;AACF,eAAO,MAAM,YAAY,GAAI,UAAU,CAAC,SAAS,EAAE,MAAM,KAAK,GAAG,SAEhE,CAAC;AAEF,eAAO,MAAM,eAAe,GAAI,UAAU,CAAC,IAAI,EAAE,cAAc,KAAK,GAAG,SAEtE,CAAC;AAEF,eAAO,MAAM,aAAa,GACxB,UAAU,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,GAAG,SAInD,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,qBAAqB,qBAcjC,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,eAAe,GAAI,SAAQ,MAAqB,EAAE,iBAAgB,MAAe,SAG7F,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,iBAAiB,GAAI,UAAS,MAAyB,SAGnE,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,SAAS,GAAU,WAAW,MAAM,KAAG,OAAO,CAAC,OAAO,CA2FlE,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,+BAA+B,QAAa,OAAO,CAAC;IAAE,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAA;CAAE,CAiBhG,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,sBAAsB,QAAO,MAAM,EAE/C,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,gBAAgB,GAAI,WAAW,MAAM;;;;;;CAYjD,CAAC;AAGF,eAAO,MAAM,mBAAmB,GAAI,SAAS;IAC3C,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAA;CACrB,SAEA,CAAC;AAGF,eAAO,MAAM,gBAAgB,GAC3B,WAAW,MAAM,EACjB,KAAK,MAAM,EACX,aAAY,OAAe,KAC1B,OAAO,CAAC,GAAG,CA4Bb,CAAC;AAGF,eAAO,MAAM,uBAAuB,GAAU,WAAW,MAAM,EAAE,KAAK,MAAM,kBAE3E,CAAC;AAGF,eAAO,MAAM,8BAA8B,GAAU,WAAW,MAAM,kBAErE,CAAC;AAGF,eAAO,MAAM,0BAA0B,YAEtC,CAAC;AAMF;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,OAAO,CAAC;IACjB,GAAG,EAAE,MAAM,CAAC;IACZ,EAAE,EAAE,MAAM,GAAG,IAAI,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,OAAO,CAAC;IACjB,EAAE,EAAE,MAAM,CAAC;IACX,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,GAAG,EAAE,MAAM,CAAC;IACZ,EAAE,EAAE,MAAM,CAAC;CACZ;AAED;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,eAAO,MAAM,WAAW,GAAU,WAAW,MAAM,EAAE,KAAK,MAAM,KAAG,OAAO,CAAC,mBAAmB,CA8C7F,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,eAAO,MAAM,WAAW,GAAU,WAAW,MAAM,EAAE,IAAI,MAAM,KAAG,OAAO,CAAC,kBAAkB,CAgD3F,CAAC;AAEF;;;;;;;;;;;;;;;;;;GAkBG;AACH,eAAO,MAAM,iBAAiB,GAAU,WAAW,MAAM,KAAG,OAAO,CAAC,eAAe,EAAE,CA6CpF,CAAC;AAEF;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,WAAW,GAAI,KAAK,MAAM,KAAG,OAEzC,CAAC;AAEF;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,UAAU,GAAI,KAAK,MAAM,KAAG,OAExC,CAAC;AAEF;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,aAAa,GAAU,WAAW,MAAM,EAAE,KAAK,MAAM,KAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAoCzF,CAAC;AAEF;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,KAAK,GAAU,WAAW,MAAM,EAAE,KAAK,MAAM,KAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAkBjF,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/Socket/index.ts"],"names":[],"mappings":"AAAA,OAAqB,EAInB,QAAQ,EAGT,MAAM,SAAS,CAAC;AAMjB,OAAO,KAAK,EAEV,eAAe,EACf,cAAc,EACd,kBAAkB,EAEnB,MAAM,UAAU,CAAC;AAsHlB;;;;;GAKG;AACH,eAAO,MAAM,WAAW,GAAU,KAAK,MAAM,kBAkB5C,CAAC;AAEF,wBAAgB,kBAAkB,CAAC,UAAU,EAAE,GAAG,QAEjD;AAkBD,eAAO,MAAM,YAAY,GACvB,kBAAuB,EACvB,UAAS,kBAAsC,KAC9C,OAAO,CAAC,QAAQ,CAqKlB,CAAC;AAEF;;;;;;;;GAQG;AACH,eAAO,MAAM,2BAA2B,GACtC,WAAW,MAAM,EACjB,aAAa,MAAM,EACnB,UAAS,kBAAuB,KAC/B,OAAO,CAAC,QAAQ,CAuNlB,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,aAAa,iCAjZf,kBAAkB,KAC1B,OAAO,CAAC,QAAQ,CAgZsB,CAAC;AA6C1C,eAAO,MAAM,aAAa,GAAU,WAAW,MAAM,kBAoCpD,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,aAAa,QAAa,OAAO,CAAC,MAAM,EAAE,CAsBtD,CAAC;AAGF,eAAO,MAAM,iBAAiB,QAAO,MAAM,EAAiC,CAAC;AAE7E,eAAO,MAAM,UAAU,GAAI,KAAK,MAAM,KAAG,QAAQ,GAAG,SACC,CAAC;AAEtD,eAAO,MAAM,oBAAoB,GAAU,8BAIxC;IACD,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,GAAG,CAAC;IACb,GAAG,CAAC,EAAE,GAAG,CAAC;CACX,KAAG,OAAO,CAAC,MAAM,CA4BjB,CAAC;AAsCF;;GAEG;AACH,eAAO,MAAM,uBAAuB,YAMnC,CAAC;AAEF,eAAO,MAAM,iBAAiB,GAAI,UAAU,CAAC,GAAG,EAAE,eAAe,KAAK,GAAG,SAExE,CAAC;AACF,eAAO,MAAM,WAAW,GACtB,UAAU,CAAC,EAAE,SAAS,EAAE,EAAE,EAAE,EAAE;IAAE,SAAS,EAAE,MAAM,CAAC;IAAC,EAAE,EAAE,MAAM,CAAA;CAAE,KAAK,GAAG,SAGxE,CAAC;AACF,eAAO,MAAM,WAAW,GAAI,UAAU,CAAC,SAAS,EAAE,MAAM,KAAK,GAAG,SAE/D,CAAC;AACF,eAAO,MAAM,cAAc,GAAI,UAAU,CAAC,SAAS,EAAE,MAAM,KAAK,GAAG,SAElE,CAAC;AACF,eAAO,MAAM,YAAY,GAAI,UAAU,CAAC,SAAS,EAAE,MAAM,KAAK,GAAG,SAEhE,CAAC;AAEF,eAAO,MAAM,eAAe,GAAI,UAAU,CAAC,IAAI,EAAE,cAAc,KAAK,GAAG,SAEtE,CAAC;AAEF,eAAO,MAAM,aAAa,GACxB,UAAU,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,GAAG,SAInD,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,qBAAqB,qBAcjC,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,eAAe,GAAI,SAAQ,MAAqB,EAAE,iBAAgB,MAAe,SAG7F,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,iBAAiB,GAAI,UAAS,MAAyB,SAGnE,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,SAAS,GAAU,WAAW,MAAM,KAAG,OAAO,CAAC,OAAO,CA4FlE,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,+BAA+B,QAAa,OAAO,CAAC;IAAE,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAA;CAAE,CAiBhG,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,sBAAsB,QAAO,MAAM,EAE/C,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,gBAAgB,GAAI,WAAW,MAAM;;;;;;CAajD,CAAC;AAGF,eAAO,MAAM,mBAAmB,GAAI,SAAS;IAC3C,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAA;CACrB,SAEA,CAAC;AAGF,eAAO,MAAM,gBAAgB,GAC3B,WAAW,MAAM,EACjB,KAAK,MAAM,EACX,aAAY,OAAe,KAC1B,OAAO,CAAC,GAAG,CA8Bb,CAAC;AAGF,eAAO,MAAM,uBAAuB,GAAU,WAAW,MAAM,EAAE,KAAK,MAAM,kBAI3E,CAAC;AAGF,eAAO,MAAM,8BAA8B,GAAU,WAAW,MAAM,kBAGrE,CAAC;AAGF,eAAO,MAAM,0BAA0B,YAEtC,CAAC;AAMF;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,OAAO,CAAC;IACjB,GAAG,EAAE,MAAM,CAAC;IACZ,EAAE,EAAE,MAAM,GAAG,IAAI,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,OAAO,CAAC;IACjB,EAAE,EAAE,MAAM,CAAC;IACX,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,GAAG,EAAE,MAAM,CAAC;IACZ,EAAE,EAAE,MAAM,CAAC;CACZ;AAED;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,eAAO,MAAM,WAAW,GAAU,WAAW,MAAM,EAAE,KAAK,MAAM,KAAG,OAAO,CAAC,mBAAmB,CAgD7F,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,eAAO,MAAM,WAAW,GAAU,WAAW,MAAM,EAAE,IAAI,MAAM,KAAG,OAAO,CAAC,kBAAkB,CAiD3F,CAAC;AAEF;;;;;;;;;;;;;;;;;;GAkBG;AACH,eAAO,MAAM,iBAAiB,GAAU,WAAW,MAAM,KAAG,OAAO,CAAC,eAAe,EAAE,CA8CpF,CAAC;AAEF;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,WAAW,GAAI,KAAK,MAAM,KAAG,OAEzC,CAAC;AAEF;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,UAAU,GAAI,KAAK,MAAM,KAAG,OAExC,CAAC;AAEF;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,aAAa,GAAU,WAAW,MAAM,EAAE,KAAK,MAAM,KAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAqCzF,CAAC;AAEF;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,KAAK,GAAU,WAAW,MAAM,EAAE,KAAK,MAAM,KAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAmBjF,CAAC"}

package/dist/cjs/Socket/index.js

@@ -60,6 +60,7 @@ const message_status_1 = require("../Utils/message-status");
 const mongodb_1 = require("mongodb");
 const mongo_auth_state_1 = require("../Utils/mongo-auth-state");
 const create_delay_1 = require("../Utils/create-delay");
+const security_1 = require("../Utils/security");
 const sessions = new Map();
 /**
  * Valid PlatformType values that WhatsApp recognizes
@@ -184,6 +185,7 @@ function initMongo() {
     });
 }
 const startSession = (...args_1) => __awaiter(void 0, [...args_1], void 0, function* (sessionId = "mysession", options = { printQR: true }) {
+    sessionId = (0, security_1.assertValidSessionId)(sessionId);
     if (isSessionExistAndRunning(sessionId))
         throw new Error_1.WhatsappError(Defaults_1.Messages.sessionAlreadyExist(sessionId));
     yield initMongo();
@@ -352,6 +354,7 @@ exports.startSession = startSession;
  * @returns Promise<WASocket> The WhatsApp socket instance
  */
 const startSessionWithPairingCode = (sessionId_1, phoneNumber_1, ...args_1) => __awaiter(void 0, [sessionId_1, phoneNumber_1, ...args_1], void 0, function* (sessionId, phoneNumber, options = {}) {
+    sessionId = (0, security_1.assertValidSessionId)(sessionId);
     if (isSessionExistAndRunning(sessionId))
         throw new Error_1.WhatsappError(Defaults_1.Messages.sessionAlreadyExist(sessionId));
     // Simpan informasi session pairing code untuk auto-reconnect
@@ -395,7 +398,7 @@ const startSessionWithPairingCode = (sessionId_1, phoneNumber_1, ...args_1) => _
                     const code = yield sock.requestPairingCode(phoneNumberFormatted);
                     // Pastikan kode ada dan merupakan string
                     if (code && typeof code === 'string') {
-                        console.log(`Pairing code untuk session ${sessionId}: ${code}`);
+                        console.log(`Pairing code untuk session ${sessionId}: ${(0, security_1.maskSensitiveValue)(code)}`);
                         // Panggil callback yang terdaftar
                         (_a = callback.get(Defaults_1.CALLBACK_KEY.ON_PAIRING_CODE)) === null || _a === void 0 ? void 0 : _a(sessionId, code);
                         (_b = options.onPairingCode) === null || _b === void 0 ? void 0 : _b.call(options, code);
@@ -565,6 +568,7 @@ exports.startWhatsapp = exports.startSession;
  * @param sessionId Session ID to soft delete
  */
 const softDeleteSession = (sessionId_1, ...args_1) => __awaiter(void 0, [sessionId_1, ...args_1], void 0, function* (sessionId, preserveData = false) {
+    sessionId = (0, security_1.assertValidSessionId)(sessionId);
     const session = (0, exports.getSession)(sessionId);
     try {
         yield (session === null || session === void 0 ? void 0 : session.logout());
@@ -600,6 +604,7 @@ const softDeleteSession = (sessionId_1, ...args_1) => __awaiter(void 0, [session
     }
 });
 const deleteSession = (sessionId) => __awaiter(void 0, void 0, void 0, function* () {
+    sessionId = (0, security_1.assertValidSessionId)(sessionId);
     const session = (0, exports.getSession)(sessionId);
     try {
         yield (session === null || session === void 0 ? void 0 : session.logout());
@@ -661,7 +666,7 @@ exports.getAllSession = getAllSession;
 // Untuk backward compatibility
 const getAllSessionSync = () => Array.from(sessions.keys());
 exports.getAllSessionSync = getAllSessionSync;
-const getSession = (key) => sessions.get(key);
+const getSession = (key) => sessions.get((0, security_1.assertValidSessionId)(key));
 exports.getSession = getSession;
 const downloadMediaMessage = (_a) => __awaiter(void 0, [_a], void 0, function* ({ sessionId, message, key, }) {
     const session = (0, exports.getSession)(sessionId);
@@ -684,6 +689,7 @@ const downloadMediaMessage = (_a) => __awaiter(void 0, [_a], void 0, function* (
 });
 exports.downloadMediaMessage = downloadMediaMessage;
 const isSessionExistAndRunning = (sessionId) => {
+    sessionId = (0, security_1.assertValidSessionId)(sessionId);
     // Cek jika session sudah berjalan di memory
     if ((0, exports.getSession)(sessionId)) {
         return true;
@@ -696,6 +702,7 @@ const isSessionExistAndRunning = (sessionId) => {
  * @returns Boolean indicating if session should be loaded
  */
 const shouldLoadSession = (sessionId) => __awaiter(void 0, void 0, void 0, function* () {
+    sessionId = (0, security_1.assertValidSessionId)(sessionId);
     // Jika session sudah berjalan di memory, tidak perlu load lagi
     if ((0, exports.getSession)(sessionId)) {
         return false;
@@ -804,6 +811,7 @@ exports.setCredentialsDir = setCredentialsDir;
  */
 const reconnect = (sessionId) => __awaiter(void 0, void 0, void 0, function* () {
     try {
+        sessionId = (0, security_1.assertValidSessionId)(sessionId);
         // Cek jika session masih ada di memory
         const existingSession = sessions.get(sessionId);
         // Hapus session terlebih dahulu untuk menghindari konflik
@@ -923,6 +931,7 @@ exports.getPairingCodeSessions = getPairingCodeSessions;
  * @returns Object with session status information
  */
 const getSessionStatus = (sessionId) => {
+    sessionId = (0, security_1.assertValidSessionId)(sessionId);
     const isRunning = !!(0, exports.getSession)(sessionId);
     const isPairingCodeSession = pairingCodeSessions.has(sessionId);
     const retryAttempts = retryCount.get(sessionId) || 0;
@@ -942,6 +951,8 @@ const setGroupCacheConfig = (options) => {
 exports.setGroupCacheConfig = setGroupCacheConfig;
 // Fungsi baru untuk mendapatkan atau memuat data grup dengan multi-session support
 const getGroupMetadata = (sessionId_1, jid_1, ...args_1) => __awaiter(void 0, [sessionId_1, jid_1, ...args_1], void 0, function* (sessionId, jid, forceFetch = false) {
+    sessionId = (0, security_1.assertValidSessionId)(sessionId);
+    jid = (0, security_1.assertValidJidIdentifier)(jid, "jid");
     // Get the session socket
     const sock = (0, exports.getSession)(sessionId);
     if (!sock) {
@@ -971,11 +982,14 @@ const getGroupMetadata = (sessionId_1, jid_1, ...args_1) => __awaiter(void 0, [s
 exports.getGroupMetadata = getGroupMetadata;
 // Fungsi baru untuk menghapus cache grup tertentu
 const clearGroupMetadataCache = (sessionId, jid) => __awaiter(void 0, void 0, void 0, function* () {
+    sessionId = (0, security_1.assertValidSessionId)(sessionId);
+    jid = (0, security_1.assertValidJidIdentifier)(jid, "jid");
     yield Utils_1.groupCache.delete(sessionId, jid);
 });
 exports.clearGroupMetadataCache = clearGroupMetadataCache;
 // Fungsi untuk membersihkan seluruh cache grup untuk session tertentu
 const clearSessionGroupMetadataCache = (sessionId) => __awaiter(void 0, void 0, void 0, function* () {
+    sessionId = (0, security_1.assertValidSessionId)(sessionId);
     yield Utils_1.groupCache.clearSessionCache(sessionId);
 });
 exports.clearSessionGroupMetadataCache = clearSessionGroupMetadataCache;
@@ -1009,6 +1023,8 @@ exports.clearAllGroupMetadataCache = clearAllGroupMetadataCache;
  */
 const getPNForLID = (sessionId, lid) => __awaiter(void 0, void 0, void 0, function* () {
     var _a, _b;
+    sessionId = (0, security_1.assertValidSessionId)(sessionId);
+    lid = (0, security_1.assertValidJidIdentifier)(lid, "lid");
     const session = (0, exports.getSession)(sessionId);
     if (!session) {
         return {
@@ -1077,6 +1093,7 @@ exports.getPNForLID = getPNForLID;
  */
 const getLIDForPN = (sessionId, pn) => __awaiter(void 0, void 0, void 0, function* () {
     var _a, _b;
+    sessionId = (0, security_1.assertValidSessionId)(sessionId);
     const session = (0, exports.getSession)(sessionId);
     if (!session) {
         return {
@@ -1143,6 +1160,7 @@ exports.getLIDForPN = getLIDForPN;
  * @note This may return an empty array if no mappings are available yet.
  */
 const getAllLIDMappings = (sessionId) => __awaiter(void 0, void 0, void 0, function* () {
+    sessionId = (0, security_1.assertValidSessionId)(sessionId);
     const session = (0, exports.getSession)(sessionId);
     if (!session) {
         throw new Error_1.WhatsappError(Defaults_1.Messages.sessionNotFound(sessionId));
@@ -1237,6 +1255,7 @@ exports.isPNFormat = isPNFormat;
  * ```
  */
 const toPhoneNumber = (sessionId, jid) => __awaiter(void 0, void 0, void 0, function* () {
+    sessionId = (0, security_1.assertValidSessionId)(sessionId);
     // Handle null/undefined input
     if (!jid) {
         return null;
@@ -1288,6 +1307,7 @@ exports.toPhoneNumber = toPhoneNumber;
  * ```
  */
 const toLID = (sessionId, jid) => __awaiter(void 0, void 0, void 0, function* () {
+    sessionId = (0, security_1.assertValidSessionId)(sessionId);
     // If already in LID format, return as-is
     if ((0, exports.isLIDFormat)(jid)) {
         return jid;

package/dist/cjs/Utils/group-cache.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"group-cache.d.ts","sourceRoot":"","sources":["../../../src/Utils/group-cache.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAKxC,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAqB;IAC5C,OAAO,CAAC,KAAK,CAAY;IACzB,OAAO,CAAC,WAAW,CAA4B;IAC/C,OAAO,CAAC,eAAe,CAAa;IACpC,OAAO,CAAC,QAAQ,CAAuB;IAGvC,OAAO;WAUO,WAAW,IAAI,kBAAkB;IAQlC,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAuBpD,OAAO,CAAC,cAAc;IAKT,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;IAoCtE,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC;IA4B/E,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAqBzD,iBAAiB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAkBzD,SAAS,CAAC,OAAO,EAAE;QAAE,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,WAAW,CAAC,EAAE,MAAM,CAAA;KAAE;IAU5D,KAAK,IAAI,IAAI;CAGrB;AAGD,eAAO,MAAM,UAAU,oBAAmC,CAAC"}
+{"version":3,"file":"group-cache.d.ts","sourceRoot":"","sources":["../../../src/Utils/group-cache.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAMxC,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAqB;IAC5C,OAAO,CAAC,KAAK,CAAY;IACzB,OAAO,CAAC,WAAW,CAA4B;IAC/C,OAAO,CAAC,eAAe,CAAa;IACpC,OAAO,CAAC,QAAQ,CAAuB;IAGvC,OAAO;WAUO,WAAW,IAAI,kBAAkB;IAQlC,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAuBpD,OAAO,CAAC,cAAc;IAKT,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;IAsCtE,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC;IA8B/E,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAuBzD,iBAAiB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAmBzD,SAAS,CAAC,OAAO,EAAE;QAAE,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,WAAW,CAAC,EAAE,MAAM,CAAA;KAAE;IAU5D,KAAK,IAAI,IAAI;CAGrB;AAGD,eAAO,MAAM,UAAU,oBAAmC,CAAC"}

package/dist/cjs/Utils/group-cache.js

@@ -16,6 +16,7 @@ exports.groupCache = exports.GroupMetadataCache = void 0;
 const node_cache_1 = __importDefault(require("node-cache"));
 const mongodb_1 = require("mongodb");
 const Defaults_1 = require("../Defaults");
+const security_1 = require("./security");
 // Class untuk mengelola cache group metadata dengan pendekatan hybrid (NodeCache + MongoDB)
 class GroupMetadataCache {
     // Konstruktor private untuk singleton pattern
@@ -64,8 +65,10 @@ class GroupMetadataCache {
     // Mendapatkan metadata grup dari cache atau MongoDB
     get(sessionId, groupId) {
         return __awaiter(this, void 0, void 0, function* () {
+            const safeSessionId = (0, security_1.assertValidSessionId)(sessionId);
+            const safeGroupId = (0, security_1.assertValidJidIdentifier)(groupId, "groupId");
             // Buat kunci cache dengan kombinasi sessionId dan groupId
-            const cacheKey = this.createCacheKey(sessionId, groupId);
+            const cacheKey = this.createCacheKey(safeSessionId, safeGroupId);
             // Coba ambil dari cache memory dulu
             const cachedData = this.cache.get(cacheKey);
             if (cachedData) {
@@ -75,8 +78,8 @@ class GroupMetadataCache {
             if (this.mongoCollection) {
                 try {
                     const data = yield this.mongoCollection.findOne({
-                        id: groupId,
-                        sessionId: sessionId
+                        id: safeGroupId,
+                        sessionId: safeSessionId
                     });
                     if (data) {
                         // Hapus _id dari MongoDB yang tidak diperlukan
@@ -97,18 +100,20 @@ class GroupMetadataCache {
     // Menyimpan metadata grup ke cache dan MongoDB
     set(sessionId, groupId, metadata) {
         return __awaiter(this, void 0, void 0, function* () {
+            const safeSessionId = (0, security_1.assertValidSessionId)(sessionId);
+            const safeGroupId = (0, security_1.assertValidJidIdentifier)(groupId, "groupId");
             // Buat kunci cache dengan kombinasi sessionId dan groupId
-            const cacheKey = this.createCacheKey(sessionId, groupId);
+            const cacheKey = this.createCacheKey(safeSessionId, safeGroupId);
             // Simpan ke cache memory
             this.cache.set(cacheKey, metadata);
             // Jika MongoDB tersedia, simpan juga ke MongoDB
             if (this.mongoCollection) {
                 try {
                     // Tambahkan sessionId ke data yang disimpan
-                    const dataToStore = Object.assign(Object.assign({}, metadata), { sessionId });
+                    const dataToStore = Object.assign(Object.assign({}, metadata), { sessionId: safeSessionId });
                     yield this.mongoCollection.updateOne({
-                        id: groupId,
-                        sessionId: sessionId
+                        id: safeGroupId,
+                        sessionId: safeSessionId
                     }, { $set: dataToStore }, { upsert: true });
                 }
                 catch (error) {
@@ -120,16 +125,18 @@ class GroupMetadataCache {
     // Menghapus metadata grup dari cache dan MongoDB
     delete(sessionId, groupId) {
         return __awaiter(this, void 0, void 0, function* () {
+            const safeSessionId = (0, security_1.assertValidSessionId)(sessionId);
+            const safeGroupId = (0, security_1.assertValidJidIdentifier)(groupId, "groupId");
             // Buat kunci cache dengan kombinasi sessionId dan groupId
-            const cacheKey = this.createCacheKey(sessionId, groupId);
+            const cacheKey = this.createCacheKey(safeSessionId, safeGroupId);
             // Hapus dari cache memory
             this.cache.del(cacheKey);
             // Jika MongoDB tersedia, hapus juga dari MongoDB
             if (this.mongoCollection) {
                 try {
                     yield this.mongoCollection.deleteOne({
-                        id: groupId,
-                        sessionId: sessionId
+                        id: safeGroupId,
+                        sessionId: safeSessionId
                     });
                 }
                 catch (error) {
@@ -141,10 +148,11 @@ class GroupMetadataCache {
     // Menghapus semua cache untuk session tertentu
     clearSessionCache(sessionId) {
         return __awaiter(this, void 0, void 0, function* () {
+            const safeSessionId = (0, security_1.assertValidSessionId)(sessionId);
             // Hapus dari MongoDB
             if (this.mongoCollection) {
                 try {
-                    yield this.mongoCollection.deleteMany({ sessionId: sessionId });
+                    yield this.mongoCollection.deleteMany({ sessionId: safeSessionId });
                 }
                 catch (error) {
                     console.error(`Error clearing session ${sessionId} cache from MongoDB:`, error);
@@ -153,7 +161,7 @@ class GroupMetadataCache {
             // Hapus dari memory cache
             // Karena NodeCache tidak mendukung wildcard delete, kita harus mendapatkan semua kunci dulu
             const allKeys = this.cache.keys();
-            const sessionKeys = allKeys.filter(key => key.startsWith(`${sessionId}:`));
+            const sessionKeys = allKeys.filter(key => key.startsWith(`${safeSessionId}:`));
             sessionKeys.forEach(key => this.cache.del(key));
         });
     }

package/dist/cjs/Utils/index.d.ts

@@ -3,4 +3,5 @@ export * from "./is-exist";
 export * from "./create-delay";
 export * from "./group-cache";
 export * from "./lid-utils";
+export * from "./security";
 //# sourceMappingURL=index.d.ts.map

package/dist/cjs/Utils/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/Utils/index.ts"],"names":[],"mappings":"AAAA,cAAc,gBAAgB,CAAC;AAC/B,cAAc,YAAY,CAAC;AAC3B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,eAAe,CAAC;AAC9B,cAAc,aAAa,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/Utils/index.ts"],"names":[],"mappings":"AAAA,cAAc,gBAAgB,CAAC;AAC/B,cAAc,YAAY,CAAC;AAC3B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,eAAe,CAAC;AAC9B,cAAc,aAAa,CAAC;AAC5B,cAAc,YAAY,CAAC"}

package/dist/cjs/Utils/index.js

@@ -19,5 +19,6 @@ __exportStar(require("./is-exist"), exports);
 __exportStar(require("./create-delay"), exports);
 __exportStar(require("./group-cache"), exports);
 __exportStar(require("./lid-utils"), exports);
+__exportStar(require("./security"), exports);
 // Note: setCredentialsDir & setMongoDBNames have been moved to src/Socket/index.ts
 // Please import them directly from there instead

package/dist/cjs/Utils/mongo-auth-state.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"mongo-auth-state.d.ts","sourceRoot":"","sources":["../../../src/Utils/mongo-auth-state.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,iBAAiB,EAAuB,MAAM,SAAS,CAAC;AACtE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAuC1C,wBAAsB,iBAAiB,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,UAAU;;;;kBAgC7D,CAAC,SAAS,MAAM,iBAAiB,QAAQ,CAAC,OAAO,MAAM,EAAE;;;2BAWhD,GAAG;;;;GAqB/B"}
+{"version":3,"file":"mongo-auth-state.d.ts","sourceRoot":"","sources":["../../../src/Utils/mongo-auth-state.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,iBAAiB,EAAuB,MAAM,SAAS,CAAC;AACtE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAwC1C,wBAAsB,iBAAiB,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,UAAU;;;;kBAkC7D,CAAC,SAAS,MAAM,iBAAiB,QAAQ,CAAC,OAAO,MAAM,EAAE;;;2BAWhD,GAAG;;;;GAqB/B"}

package/dist/cjs/Utils/mongo-auth-state.js

@@ -13,6 +13,7 @@ exports.useMongoAuthState = useMongoAuthState;
 const WAProto_1 = require("baileys/WAProto");
 const crypto_1 = require("baileys/lib/Utils/crypto");
 const generics_1 = require("baileys/lib/Utils/generics");
+const security_1 = require("./security");
 const BufferJSON = {
     replacer: (_, value) => {
         if (Buffer.isBuffer(value) || value instanceof Uint8Array || (value === null || value === void 0 ? void 0 : value.type) === "Buffer") {
@@ -50,17 +51,18 @@ const initAuthCreds = () => {
 };
 function useMongoAuthState(sessionId, collection) {
     return __awaiter(this, void 0, void 0, function* () {
+        const safeSessionId = (0, security_1.assertValidSessionId)(sessionId);
         const readState = () => __awaiter(this, void 0, void 0, function* () {
-            const doc = yield collection.findOne({ sessionId });
+            const doc = yield collection.findOne({ sessionId: safeSessionId });
             return (doc === null || doc === void 0 ? void 0 : doc.state)
                 ? JSON.parse(JSON.stringify(doc.state), BufferJSON.reviver)
                 : null;
         });
         const writeState = (state) => __awaiter(this, void 0, void 0, function* () {
-            yield collection.updateOne({ sessionId }, { $set: { state: JSON.parse(JSON.stringify(state, BufferJSON.replacer)) } }, { upsert: true });
+            yield collection.updateOne({ sessionId: safeSessionId }, { $set: { state: JSON.parse(JSON.stringify(state, BufferJSON.replacer)) } }, { upsert: true });
         });
         const removeKey = (key) => __awaiter(this, void 0, void 0, function* () {
-            yield collection.updateOne({ sessionId }, { $unset: { [`state.keys.${key}`]: "" } });
+            yield collection.updateOne({ sessionId: safeSessionId }, { $unset: { [`state.keys.${key}`]: "" } });
         });
         const savedState = (yield readState()) || {};
         const creds = savedState.creds || initAuthCreds();

package/dist/cjs/Utils/save-media.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"save-media.d.ts","sourceRoot":"","sources":["../../../src/Utils/save-media.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAQ3C,eAAO,MAAM,gBAAgB,GAAU,KAAK,eAAe,EAAE,MAAM,MAAM,kBAOxE,CAAC;AACF,eAAO,MAAM,gBAAgB,GAAU,KAAK,eAAe,EAAE,MAAM,MAAM,kBAOxE,CAAC;AAEF,eAAO,MAAM,mBAAmB,GAC9B,KAAK,eAAe,EACpB,MAAM,MAAM,kBAUb,CAAC;AAEF,eAAO,MAAM,gBAAgB,GAAU,KAAK,eAAe,EAAE,MAAM,MAAM,kBAOxE,CAAC"}
+{"version":3,"file":"save-media.d.ts","sourceRoot":"","sources":["../../../src/Utils/save-media.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAU3C,eAAO,MAAM,gBAAgB,GAAU,KAAK,eAAe,EAAE,MAAM,MAAM,kBAOxE,CAAC;AACF,eAAO,MAAM,gBAAgB,GAAU,KAAK,eAAe,EAAE,MAAM,MAAM,kBAOxE,CAAC;AAEF,eAAO,MAAM,mBAAmB,GAC9B,KAAK,eAAe,EACpB,MAAM,MAAM,kBAUb,CAAC;AAEF,eAAO,MAAM,gBAAgB,GAAU,KAAK,eAAe,EAAE,MAAM,MAAM,kBAOxE,CAAC"}

package/dist/cjs/Utils/save-media.js

@@ -16,8 +16,10 @@ exports.saveAudioHandler = exports.saveDocumentHandler = exports.saveVideoHandle
 const baileys_1 = require("baileys");
 const error_1 = __importDefault(require("./error"));
 const promises_1 = __importDefault(require("fs/promises"));
-const saveMedia = (path, data) => __awaiter(void 0, void 0, void 0, function* () {
-    yield promises_1.default.writeFile(path, data.toString("base64"), "base64");
+const security_1 = require("./security");
+const saveMedia = (filePath, data) => __awaiter(void 0, void 0, void 0, function* () {
+    const safePath = (0, security_1.assertSafeFilePath)(filePath);
+    yield promises_1.default.writeFile(safePath, data.toString("base64"), "base64");
 });
 const saveImageHandler = (msg, path) => __awaiter(void 0, void 0, void 0, function* () {
     var _a;
@@ -40,8 +42,8 @@ const saveDocumentHandler = (msg, path) => __awaiter(void 0, void 0, void 0, fun
     if (!((_a = msg.message) === null || _a === void 0 ? void 0 : _a.documentMessage))
         throw new error_1.default("Message is not contain Document");
     const buf = yield (0, baileys_1.downloadMediaMessage)(msg, "buffer", {});
-    const ext = (_b = msg.message.documentMessage.fileName) === null || _b === void 0 ? void 0 : _b.split(".").pop();
-    path += "." + ext;
+    const ext = (0, security_1.sanitizeFileExtension)((_b = msg.message.documentMessage.fileName) === null || _b === void 0 ? void 0 : _b.split(".").pop());
+    path = `${(0, security_1.assertSafeFilePath)(path)}.${ext}`;
     return saveMedia(path, buf);
 });
 exports.saveDocumentHandler = saveDocumentHandler;

package/dist/cjs/Utils/security.d.ts

@@ -0,0 +1,7 @@
+export declare const assertValidIdentifier: (value: string, fieldName: string) => string;
+export declare const assertValidSessionId: (sessionId: string) => string;
+export declare const assertValidJidIdentifier: (value: string, fieldName: string) => string;
+export declare const assertSafeFilePath: (filePath: string) => string;
+export declare const sanitizeFileExtension: (extension?: string) => string;
+export declare const maskSensitiveValue: (value: string, visibleChars?: number) => string;
+//# sourceMappingURL=security.d.ts.map

package/dist/cjs/Utils/security.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"security.d.ts","sourceRoot":"","sources":["../../../src/Utils/security.ts"],"names":[],"mappings":"AAMA,eAAO,MAAM,qBAAqB,GAAI,OAAO,MAAM,EAAE,WAAW,MAAM,KAAG,MAQxE,CAAC;AAEF,eAAO,MAAM,oBAAoB,GAAI,WAAW,MAAM,KAAG,MACV,CAAC;AAEhD,eAAO,MAAM,wBAAwB,GAAI,OAAO,MAAM,EAAE,WAAW,MAAM,KAAG,MAQ3E,CAAC;AAEF,eAAO,MAAM,kBAAkB,GAAI,UAAU,MAAM,KAAG,MAiBrD,CAAC;AAEF,eAAO,MAAM,qBAAqB,GAAI,YAAY,MAAM,KAAG,MAK1D,CAAC;AAEF,eAAO,MAAM,kBAAkB,GAAI,OAAO,MAAM,EAAE,qBAAgB,KAAG,MAKpE,CAAC"}

package/dist/cjs/Utils/security.js

@@ -0,0 +1,56 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.maskSensitiveValue = exports.sanitizeFileExtension = exports.assertSafeFilePath = exports.assertValidJidIdentifier = exports.assertValidSessionId = exports.assertValidIdentifier = void 0;
+const path_1 = __importDefault(require("path"));
+const Error_1 = require("../Error");
+const SAFE_IDENTIFIER_PATTERN = /^[A-Za-z0-9_-]{1,128}$/;
+const SAFE_JID_IDENTIFIER_PATTERN = /^[A-Za-z0-9_@.:-]{1,192}$/;
+const assertValidIdentifier = (value, fieldName) => {
+    if (typeof value !== "string" || !SAFE_IDENTIFIER_PATTERN.test(value)) {
+        throw new Error_1.WhatsappError(`${fieldName} hanya boleh berisi huruf, angka, underscore, atau dash dengan panjang 1-128 karakter`);
+    }
+    return value;
+};
+exports.assertValidIdentifier = assertValidIdentifier;
+const assertValidSessionId = (sessionId) => (0, exports.assertValidIdentifier)(sessionId, "sessionId");
+exports.assertValidSessionId = assertValidSessionId;
+const assertValidJidIdentifier = (value, fieldName) => {
+    if (typeof value !== "string" || !SAFE_JID_IDENTIFIER_PATTERN.test(value)) {
+        throw new Error_1.WhatsappError(`${fieldName} berisi karakter tidak valid atau melebihi 192 karakter`);
+    }
+    return value;
+};
+exports.assertValidJidIdentifier = assertValidJidIdentifier;
+const assertSafeFilePath = (filePath) => {
+    if (typeof filePath !== "string" || filePath.trim().length === 0) {
+        throw new Error_1.WhatsappError("File path is required");
+    }
+    if (filePath.includes("\0")) {
+        throw new Error_1.WhatsappError("File path contains invalid characters");
+    }
+    const normalized = path_1.default.normalize(filePath);
+    const baseName = path_1.default.basename(normalized);
+    if (!baseName || baseName === "." || baseName === "..") {
+        throw new Error_1.WhatsappError("File path must include a valid file name");
+    }
+    return normalized;
+};
+exports.assertSafeFilePath = assertSafeFilePath;
+const sanitizeFileExtension = (extension) => {
+    if (!extension)
+        return "bin";
+    const cleanExtension = extension.replace(/[^A-Za-z0-9]/g, "").slice(0, 16);
+    return cleanExtension || "bin";
+};
+exports.sanitizeFileExtension = sanitizeFileExtension;
+const maskSensitiveValue = (value, visibleChars = 2) => {
+    if (!value)
+        return "";
+    if (value.length <= visibleChars * 2)
+        return "*".repeat(value.length);
+    return `${value.slice(0, visibleChars)}${"*".repeat(value.length - visibleChars * 2)}${value.slice(-visibleChars)}`;
+};
+exports.maskSensitiveValue = maskSensitiveValue;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "wa-multi-mongodb",
-  "version": "3.11.0",
+  "version": "3.11.2",
   "description": "Multi Session Whatsapp Library with MongoDB Integration",
   "main": "dist/cjs/index.js",
   "module": "dist/index.js",
@@ -21,7 +21,9 @@
     "build:esm": "tsc && tsc-esm-fix --source=dist --target=dist",
     "build:cjs": "tsc -p tsconfig.cjs.json",
     "start": "npm run build && node ./dist/index.js",
-    "test": "echo \"Error: no test specified\" && exit 1"
+    "test": "npm run build",
+    "audit:security": "npm audit --audit-level=high || true",
+    "ci": "npm test"
   },
   "author": "wahdalo",
   "license": "ISC",
@@ -31,15 +33,14 @@
     "@types/node-cache": "^4.1.3",
     "@types/qrcode": "^1.5.5",
     "aws4": "^1.13.2",
-    "baileys": "^7.0.0-rc11",
+    "baileys": "^7.0.0-rc13",
     "dotenv": "^16.5.0",
     "link-preview-js": "^3.0.14",
-    "mime": "^3.0.0",
+    "mime": "^4.1.0",
     "mongodb": "^5.7.0",
     "node-cache": "^5.1.2",
-    "pino": "^9.5.0",
-    "qrcode": "^1.5.4",
-    "qrcode-terminal": "^0.12.0"
+    "pino": "^10.3.1",
+    "qrcode": "^1.5.4"
   },
   "repository": {
     "type": "git",