whalibmob 5.5.27 → 5.5.29

package/lib/Client.js

@@ -134,7 +134,8 @@ class WhalibmobClient extends EventEmitter {
     this._appStateVersions = {};          // collectionName → version (int)
     this._sentMsgCache     = new Map();   // msgId → {plaintext, toJid, msgId, mediaType, options, recipientPhone}
     this._tcTokenStore            = null; // TcTokenStore — loaded in init()
-    this._inFlightTcTokenIssuance = new Set(); // dedupe concurrent issuePrivacyTokens calls per JID
+    this._inFlightTcTokenIssuance = new Set(); // dedupe concurrent proactive issuePrivacyTokens per JID
+    this._inFlight463Recoveries   = new Set(); // dedupe concurrent 463-triggered token issuances per JID (separate from proactive)
   }
 
   get store()     { return this._store; }
@@ -832,25 +833,12 @@ class WhalibmobClient extends EventEmitter {
         handler(attrs);
       }
 
-      // ─── Error 463: reachout timelock / missing tcToken ─────────────────
-      // The server returns error 463 when a DM is sent without a tctoken node
-      // and the account has hit the "reaching out" rate limit.
-      // Recovery: immediately issue a privacy token to the sender and store it
-      // so future messages carry the <tctoken> node automatically.
-      if (error === '463') {
-        const from = attrs.from ? String(attrs.from) : '';
-        process.stderr.write('[DBG] ACK_463 from=' + from + ' id=' + id + '\n');
-        if (from && this._tcTokenStore && !this._inFlightTcTokenIssuance.has(from)) {
-          this._inFlightTcTokenIssuance.add(from);
-          const issueTs = Math.floor(Date.now() / 1000);
-          const { normalizeJidForTcToken } = require('./messages/TcTokenStore');
-          const tcJid = normalizeJidForTcToken(from);
-          this._issuePrivacyTokens(from, issueTs)
-            .then(result => this._storeTcTokenFromIqResult(result, tcJid, issueTs))
-            .catch(() => {})
-            .finally(() => this._inFlightTcTokenIssuance.delete(from));
-        }
-      }
+      // ─── Error 463 ───────────────────────────────────────────────────────
+      // 463 recovery is fully handled inside MessageSender._dispatchAndAck:
+      // it issues the privacy token then automatically re-sends the message
+      // so the caller's promise resolves transparently (no loop).
+      // Nothing to do here — the pendingAck handler above already drove the
+      // recovery via _inFlight463Recoveries + _issuePrivacyTokens.
       // ────────────────────────────────────────────────────────────────────
     }
   }
@@ -1601,7 +1589,7 @@ class WhalibmobClient extends EventEmitter {
    */
   _reissueTcTokenAfterIdentityChange(from) {
     if (!this._tcTokenStore || !from) return;
-    const { normalizeJidForTcToken, isTcTokenExpired } = require('./messages/TcTokenStore');
+    const { normalizeJidForTcToken, tcTokenExpired } = require('./messages/TcTokenStore');
 
     void (async () => {
       try {
@@ -1613,7 +1601,7 @@ class WhalibmobClient extends EventEmitter {
 
         const entry    = this._tcTokenStore.get(tcJid);
         const senderTs = entry && entry.senderTimestamp;
-        if (!senderTs || isTcTokenExpired(senderTs)) {
+        if (!senderTs || tcTokenExpired(senderTs)) {
           // No previous issuance — nothing to re-issue
           return;
         }

package/lib/Registration.js

@@ -590,13 +590,37 @@ async function assertRegistrationKeys(store, waVersion) {
   return false;
 }
 
-async function requestSmsCode(store, method) {
+async function requestSmsCode(store, method, opts) {
   method = method || 'sms';
+  opts   = opts   || {};
   const _device   = getDeviceConfig();
   const waVersion = await fetchWaVersion(_device);
   store.version = waVersion;
   store.device  = _device;
 
+  // Email method: request code via email instead of SMS/voice.
+  // Sends method=email + email=<address> in the /code request.
+  // No auto-fallback for email — it either works or fails.
+  if (method === 'email') {
+    const emailAddr = opts.email || '';
+    if (!emailAddr) throw new Error('requestSmsCode: email method requires opts.email address');
+    const { cc: _regCc } = parsePhone(store.phoneNumber);
+    const _regMeta       = getCountryMeta(_regCc);
+    const extra = [
+      'method',            'email',
+      'email',             emailAddr,
+      'sim_mcc',           _regMeta.mcc,
+      'sim_mnc',           _regMeta.mnc,
+      'reason',            '',
+      'cellular_strength', '1'
+    ];
+    const result = await sendRequest('/code', store, waVersion, true, extra);
+    const status = result.status;
+    if (status === 'ok' || status === 'sent') return result;
+    const reason = result.reason || status || '';
+    throw new Error(`Registration email error: ${reason} — raw: ${JSON.stringify(result)}`);
+  }
+
   // Auto-fallback: if the primary method gets no_routes, try the alternate once.
   // sms → wa_old, wa_old → sms, voice → sms
   const fallbackMethod = method === 'wa_old' ? 'sms' : (method === 'sms' ? 'wa_old' : 'sms');

package/lib/messages/MessageSender.js

@@ -814,31 +814,135 @@ class MessageSender {
   }
 
   // ─── Dispatch and wait for ack ────────────────────────────────────────────
+  //
+  // Error 463 recovery (mirrors Baileys messages-recv.js inFlight463Recoveries):
+  //   1. 463 ack arrives → issue privacy token via _issuePrivacyTokens
+  //   2. Wait for token to be stored in _tcTokenStore
+  //   3. Re-send the SAME message node with a new msgId — the tctoken node
+  //      was already attached by _sendDMMessage, so the re-dispatched node
+  //      carries the same content; the token lookup on re-send will succeed.
+  //      The re-send uses _isRetry=true to prevent recursive 463 handling.
+  //   4. Resolve/reject based on the re-send ack — transparent to the caller.
+  //
+  // Uses a SEPARATE _inFlight463Recoveries Set (not shared with the proactive
+  // _inFlightTcTokenIssuance) so 463 recovery and proactive issuance never
+  // block each other. Matches Baileys pattern exactly.
+
+  _dispatchAndAck(node, msgId, _isRetry) {
+    const self   = this;
+    const client = this._client;
+    const socket = this._socket;
 
-  _dispatchAndAck(node, msgId) {
     return new Promise((resolve, reject) => {
-      const timer = setTimeout(() => {
-        this._client._pendingAcks.delete(msgId);
-        // Resolve anyway — WA often doesn't ack immediately
-        resolve({ id: msgId, status: 'sent' });
-      }, 20000);
-
-      this._client._pendingAcks.set(msgId, (ackAttrs) => {
-        clearTimeout(timer);
-        if (ackAttrs && ackAttrs.error) {
-          reject(new Error('Send error ' + ackAttrs.error + ' for ' + msgId));
-        } else {
-          resolve({ id: msgId, t: ackAttrs && ackAttrs.t, status: 'sent' });
+      let _timer = null;
+
+      const armTimer = (id) => {
+        _timer = setTimeout(() => {
+          client._pendingAcks.delete(id);
+          resolve({ id, status: 'sent' });
+        }, 20000);
+      };
+
+      const sendNode = (n, id) => {
+        armTimer(id);
+        client._pendingAcks.set(id, (ackAttrs) => {
+          clearTimeout(_timer);
+          _timer = null;
+          const error = ackAttrs && ackAttrs.error ? String(ackAttrs.error) : '';
+
+          // ─── Error 463: missing tcToken / reachout timelock ───────────
+          // Issue privacy token then automatically re-send once with the
+          // token attached. Uses a separate _inFlight463Recoveries Set so
+          // concurrent 463 recoveries and proactive issuances don't clash.
+          if (error === '463' && !_isRetry) {
+            const ackFrom = ackAttrs.from ? String(ackAttrs.from) : '';
+            const tcJid   = normalizeJidForTcToken(
+              ackFrom || String(node.attrs && node.attrs.to || '')
+            );
+            process.stderr.write(
+              '[DBG] ACK_463 from=' + ackFrom + ' id=' + id +
+              ' tcJid=' + tcJid + ' — issuing tctoken then retrying\n'
+            );
+
+            if (client._inFlight463Recoveries.has(tcJid)) {
+              // Another concurrent recovery in progress for this JID —
+              // wait ~3 s for it to finish then retry with whatever token
+              // is now stored (may or may not succeed).
+              process.stderr.write('[DBG] ACK_463 already in-flight for ' + tcJid + ' — retrying after delay\n');
+              setTimeout(() => {
+                const retryId   = crypto.randomBytes(8).toString('hex').toUpperCase();
+                const retryNode = new BinaryNode(
+                  node.description,
+                  Object.assign({}, node.attrs, { id: retryId }),
+                  node.content
+                );
+                self._dispatchAndAck(retryNode, retryId, /* _isRetry */ true)
+                  .then(r => resolve(r))
+                  .catch(e => reject(e));
+              }, 3000);
+              return;
+            }
+
+            client._inFlight463Recoveries.add(tcJid);
+            const issueTs = Math.floor(Date.now() / 1000);
+
+            client._issuePrivacyTokens(ackFrom || tcJid, issueTs)
+              .then(result => client._storeTcTokenFromIqResult(result, tcJid, issueTs))
+              .then(() => {
+                // Verify that real token bytes were received from the server.
+                // If the IQ timed out (result=NULL) or the server refused to
+                // issue (restricted account), tokenBytes=0 — re-sending would
+                // just get another 463 immediately.  Reject with a clear message.
+                const tcStore = client._tcTokenStore;
+                const entry   = tcStore && tcStore.get(tcJid);
+                const hasToken = entry && entry.token && entry.token.length > 0;
+                if (!hasToken) {
+                  process.stderr.write(
+                    '[DBG] ACK_463 IQ timeout or server refused — no token bytes stored for ' +
+                    tcJid + ', giving up (account may be restricted)\n'
+                  );
+                  throw new Error(
+                    'Send error 463: server did not issue a tctoken for ' + tcJid +
+                    ' (IQ timeout or account restricted)'
+                  );
+                }
+                process.stderr.write('[DBG] ACK_463 token stored for ' + tcJid + ' — retrying send\n');
+                const retryId   = crypto.randomBytes(8).toString('hex').toUpperCase();
+                const retryNode = new BinaryNode(
+                  node.description,
+                  Object.assign({}, node.attrs, { id: retryId }),
+                  node.content
+                );
+                return self._dispatchAndAck(retryNode, retryId, /* _isRetry */ true);
+              })
+              .then(r => resolve(r))
+              .catch(err => {
+                process.stderr.write('[DBG] ACK_463 recovery failed: ' + (err && err.message) + '\n');
+                reject(new Error('Send error 463: tctoken recovery failed — ' + (err && err.message)));
+              })
+              .finally(() => client._inFlight463Recoveries.delete(tcJid));
+            return;
+          }
+          // ─────────────────────────────────────────────────────────────
+
+          if (error) {
+            reject(new Error('Send error ' + error + ' for ' + id));
+          } else {
+            resolve({ id, t: ackAttrs && ackAttrs.t, status: 'sent' });
+          }
+        });
+
+        try {
+          socket.sendNode(n);
+        } catch (err) {
+          clearTimeout(_timer);
+          _timer = null;
+          client._pendingAcks.delete(id);
+          reject(err);
         }
-      });
+      };
 
-      try {
-        this._socket.sendNode(node);
-      } catch (err) {
-        clearTimeout(timer);
-        this._client._pendingAcks.delete(msgId);
-        reject(err);
-      }
+      sendNode(node, msgId);
     });
   }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "whalibmob",
-  "version": "5.5.27",
+  "version": "5.5.29",
   "description": "WhatsApp library for interaction with WhatsApp Mobile API no web",
   "author": "Kunboruto20",
   "main": "index.js",