npm - wowok - Versions diffs - 2.1.16 → 2.1.18 - Mend

wowok 2.1.16 → 2.1.18

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (97) hide show

package/dist/cjs/w/call/base.js +1 -0
package/dist/cjs/w/call/base.js.map +1 -1
package/dist/cjs/w/call/entity.js +1 -0
package/dist/cjs/w/call/entity.js.map +1 -1
package/dist/cjs/w/call/passport.js +1 -0
package/dist/cjs/w/call/passport.js.map +1 -1
package/dist/cjs/w/call/permission.js.map +1 -1
package/dist/cjs/w/call/proof.js +1 -0
package/dist/cjs/w/call/proof.js.map +1 -1
package/dist/cjs/w/call/util.js +1 -0
package/dist/cjs/w/call/util.js.map +1 -1
package/dist/cjs/w/local/account.d.ts +2 -2
package/dist/cjs/w/local/account.js +101 -28
package/dist/cjs/w/local/account.js.map +1 -1
package/dist/cjs/w/local/index.d.ts +1 -1
package/dist/cjs/w/local/index.js +17 -8
package/dist/cjs/w/local/index.js.map +1 -1
package/dist/cjs/w/local/local.js +10 -5
package/dist/cjs/w/local/local.js.map +1 -1
package/dist/cjs/w/local/wip.js +1 -0
package/dist/cjs/w/local/wip.js.map +1 -1
package/dist/cjs/w/messenger/crypto.js +4 -4
package/dist/cjs/w/messenger/crypto.js.map +1 -1
package/dist/cjs/w/messenger/messenger-api.d.ts +1 -3
package/dist/cjs/w/messenger/messenger-api.js +75 -56
package/dist/cjs/w/messenger/messenger-api.js.map +1 -1
package/dist/cjs/w/messenger/messenger-manager.d.ts +1 -6
package/dist/cjs/w/messenger/messenger-manager.js +99 -150
package/dist/cjs/w/messenger/messenger-manager.js.map +1 -1
package/dist/cjs/w/messenger/messenger.d.ts +88 -31
package/dist/cjs/w/messenger/messenger.js +448 -441
package/dist/cjs/w/messenger/messenger.js.map +1 -1
package/dist/cjs/w/messenger/server.d.ts +9 -1
package/dist/cjs/w/messenger/server.js +56 -5
package/dist/cjs/w/messenger/server.js.map +1 -1
package/dist/cjs/w/messenger/session.d.ts +13 -10
package/dist/cjs/w/messenger/session.js +290 -176
package/dist/cjs/w/messenger/session.js.map +1 -1
package/dist/cjs/w/messenger/storage.d.ts +30 -0
package/dist/cjs/w/messenger/storage.js +138 -5
package/dist/cjs/w/messenger/storage.js.map +1 -1
package/dist/cjs/w/messenger/types.d.ts +37 -2
package/dist/cjs/w/messenger/types.js +14 -3
package/dist/cjs/w/messenger/types.js.map +1 -1
package/dist/cjs/w/query/object.js +1 -0
package/dist/cjs/w/query/object.js.map +1 -1
package/dist/cjs/w/util.js +1 -0
package/dist/cjs/w/util.js.map +1 -1
package/dist/esm/w/call/base.js +1 -0
package/dist/esm/w/call/base.js.map +1 -1
package/dist/esm/w/call/entity.js +1 -0
package/dist/esm/w/call/entity.js.map +1 -1
package/dist/esm/w/call/passport.js +1 -0
package/dist/esm/w/call/passport.js.map +1 -1
package/dist/esm/w/call/permission.js.map +1 -1
package/dist/esm/w/call/proof.js +1 -0
package/dist/esm/w/call/proof.js.map +1 -1
package/dist/esm/w/call/util.js +1 -0
package/dist/esm/w/call/util.js.map +1 -1
package/dist/esm/w/local/account.d.ts +2 -2
package/dist/esm/w/local/account.js +101 -28
package/dist/esm/w/local/account.js.map +1 -1
package/dist/esm/w/local/index.d.ts +1 -1
package/dist/esm/w/local/index.js +17 -8
package/dist/esm/w/local/index.js.map +1 -1
package/dist/esm/w/local/local.js +10 -5
package/dist/esm/w/local/local.js.map +1 -1
package/dist/esm/w/local/wip.js +1 -0
package/dist/esm/w/local/wip.js.map +1 -1
package/dist/esm/w/messenger/crypto.js +4 -4
package/dist/esm/w/messenger/crypto.js.map +1 -1
package/dist/esm/w/messenger/messenger-api.d.ts +1 -3
package/dist/esm/w/messenger/messenger-api.js +75 -56
package/dist/esm/w/messenger/messenger-api.js.map +1 -1
package/dist/esm/w/messenger/messenger-manager.d.ts +1 -6
package/dist/esm/w/messenger/messenger-manager.js +99 -150
package/dist/esm/w/messenger/messenger-manager.js.map +1 -1
package/dist/esm/w/messenger/messenger.d.ts +88 -31
package/dist/esm/w/messenger/messenger.js +448 -441
package/dist/esm/w/messenger/messenger.js.map +1 -1
package/dist/esm/w/messenger/server.d.ts +9 -1
package/dist/esm/w/messenger/server.js +56 -5
package/dist/esm/w/messenger/server.js.map +1 -1
package/dist/esm/w/messenger/session.d.ts +13 -10
package/dist/esm/w/messenger/session.js +290 -176
package/dist/esm/w/messenger/session.js.map +1 -1
package/dist/esm/w/messenger/storage.d.ts +30 -0
package/dist/esm/w/messenger/storage.js +138 -5
package/dist/esm/w/messenger/storage.js.map +1 -1
package/dist/esm/w/messenger/types.d.ts +37 -2
package/dist/esm/w/messenger/types.js +14 -3
package/dist/esm/w/messenger/types.js.map +1 -1
package/dist/esm/w/query/object.js +1 -0
package/dist/esm/w/query/object.js.map +1 -1
package/dist/esm/w/util.js +1 -0
package/dist/esm/w/util.js.map +1 -1
package/package.json +3 -3

package/dist/cjs/w/messenger/session.js CHANGED Viewed

@@ -10,6 +10,7 @@
  * 3. 消息加密和解密
  */
 import { KeyHelper, SessionBuilder, SessionCipher, SignalProtocolAddress, } from "libsignal-protocol-typescript";
+// eslint-disable-next-line import/no-cycle
 import { Account } from "../local/account.js";
 import { SignalProtocolStorage } from "./storage.js";
 import { MessengerServerClient } from "./server.js";
@@ -62,8 +63,8 @@ export class MessengerSession {
         prefixedPublicKey[0] = 0x05; // Signal Protocol 标准前缀
         prefixedPublicKey.set(publicKey, 1);
         const signalIdentity = {
-            privKey: privateKey.buffer.slice(privateKey.byteOffset, privateKey.byteOffset + privateKey.byteLength),
-            pubKey: prefixedPublicKey.buffer.slice(prefixedPublicKey.byteOffset, prefixedPublicKey.byteOffset + prefixedPublicKey.byteLength),
+            privKey: privateKey.slice().buffer,
+            pubKey: prefixedPublicKey.slice().buffer,
         };
         await this.store.setIdentity(signalIdentity, registrationId);
         const xed25519 = recoverXed25519FromX25519PrivateKey(privateKey);
@@ -89,17 +90,38 @@ export class MessengerSession {
      */
     async registerDevice(userAddress) {
         const identity = await this.ensureIdentity(userAddress);
-        // 首次注册时上传最大数量的预密钥
-        const prekeys = await this.generatePreKeyBatch(this.config.prekey_count);
-        // 注意：KeyHelper.generateIdentityKeyPair 返回的 identityKey 已经带有 0x05 前缀了
-        // 不要再次 encodeX25519PublicKey，否则会有双重前缀！
+        const signedPreKeyId = 1;
+        let signedPreKey;
+        let signedPreKeyPublicKey;
+        let signedPreKeySignature;
+        let isNewKey = false;
+        // 【关键修复】使用带签名的存储方法
+        const existingSignedPreKey = await this.store.loadSignedPreKeyWithSignature(signedPreKeyId);
+        if (existingSignedPreKey) {
+            signedPreKeyPublicKey = arrayBufferToUint8Array(existingSignedPreKey.pubKey);
+            signedPreKeySignature = arrayBufferToUint8Array(existingSignedPreKey.signature);
+            signedPreKey = {
+                keyId: signedPreKeyId,
+                keyPair: {
+                    pubKey: existingSignedPreKey.pubKey,
+                    privKey: existingSignedPreKey.privKey,
+                },
+                signature: existingSignedPreKey.signature,
+            };
+        }
+        else {
+            signedPreKey = await KeyHelper.generateSignedPreKey(identity.signalIdentity, signedPreKeyId);
+            signedPreKeyPublicKey = arrayBufferToUint8Array(signedPreKey.keyPair.pubKey);
+            signedPreKeySignature = arrayBufferToUint8Array(signedPreKey.signature);
+            isNewKey = true;
+        }
+        // 生成 One-Time PreKeys（暂不保存）
+        const oneTimePrekeys = await this.generatePreKeyBatch(this.config.prekey_count, userAddress);
         const prefixedIdentityKey = arrayBufferToUint8Array(identity.signalIdentity.pubKey);
-        // 获取账户信息用于签名
         const account = await Account.Instance().get(userAddress, false);
         if (!account?.pubkey) {
             throw new MessengerError(MessengerErrorCode.IDENTITY_NOT_FOUND, `Account not found for ${userAddress}`);
         }
-        // 构造签名
         const timestamp = Date.now();
         const nonce = this.generateNonce();
         const message = `register:${account.pubkey}:${timestamp}:${nonce}`;
@@ -110,40 +132,111 @@ export class MessengerSession {
             deviceId: DEFAULT_DEVICE_ID,
             registrationId: identity.registrationId,
             identityKey: bytesToBase64(prefixedIdentityKey),
-            prekeys,
+            signedPrekey: {
+                keyId: signedPreKeyId,
+                publicKey: bytesToBase64(signedPreKeyPublicKey),
+                signature: bytesToBase64(signedPreKeySignature),
+            },
+            prekeys: oneTimePrekeys,
             publicKey: account.pubkey,
             signatureScheme: "ED25519",
             signature: bytesToBase64(signature),
             timestamp,
             nonce,
         };
+        console.log(`[Session Debug] Sending register request to server...`);
         await this.serverClient.registerDevice(registerRequest);
+        console.log(`[Session Debug] Server register request successful!`);
+        console.log(`[Session Debug] Verifying registration complete...`);
+        await this.verifyRegistrationComplete(userAddress);
+        console.log(`[Session Debug] Registration verification complete!`);
+        // 【关键修复】只有是新 key 时才保存到本地数据库（包含签名）
+        if (isNewKey) {
+            await this.store.storeSignedPreKeyWithSignature(signedPreKeyId, signedPreKey.keyPair, signedPreKeySignature.buffer.slice(0));
+        }
+    }
+    /**
+     * 验证注册是否完成
+     * 轮询检查服务器是否已存在该用户
+     */
+    async verifyRegistrationComplete(userAddress, maxRetries = 10, retryDelay = 500) {
+        for (let i = 0; i < maxRetries; i++) {
+            try {
+                const status = await this.serverClient.getPrekeyStatus(userAddress);
+                // 如果成功获取状态，说明注册已完成
+                console.log(`Registration verified for ${userAddress}, prekeys: ${status.currentCount}/${status.maxAllowed}`);
+                return;
+            }
+            catch (error) {
+                // 如果是 404，说明注册还没完成，继续等待
+                if (error?.message?.includes("404") || error?.status === 404) {
+                    if (i < maxRetries - 1) {
+                        console.log(`Waiting for registration to complete... (${i + 1}/${maxRetries})`);
+                        await new Promise((resolve) => setTimeout(resolve, retryDelay));
+                        continue;
+                    }
+                }
+                // 其他错误，抛出
+                throw error;
+            }
+        }
+        throw new MessengerError(MessengerErrorCode.REGISTRATION_FAILED, `Registration verification failed after ${maxRetries} attempts`);
+    }
+    /**
+     * 检查设备是否已在服务器上注册
+     * 通过查询服务器上的预密钥状态来判断
+     */
+    async isDeviceRegistered(userAddress) {
+        try {
+            // 检查本地是否有 signedPreKey（使用带签名的方法）
+            const signedPreKey = await this.store.loadSignedPreKeyWithSignature(1);
+            if (!signedPreKey) {
+                return false;
+            }
+            // 尝试从服务器获取预密钥状态
+            const _status = await this.serverClient.getPrekeyStatus(userAddress);
+            return true;
+        }
+        catch (error) {
+            // 如果是 404，说明设备未注册
+            if (error?.message?.includes("404") || error?.status === 404) {
+                return false;
+            }
+            return false;
+        }
     }
     /**
-     * 生成预密钥批次
+     * 生成预密钥批次（One-Time PreKeys）
      */
-    async generatePreKeyBatch(count) {
+    async generatePreKeyBatch(count, userAddress) {
         if (count <= 0)
             return [];
-        const identity = await this.ensureIdentity();
         const meta = await this.store.getMeta();
         let nextPreKeyId = meta.nextPreKeyId || 1;
         const prekeys = [];
         for (let i = 0; i < count; i++) {
             const keyId = nextPreKeyId + i;
-            // 使用双棘轮库的 KeyHelper.generateSignedPreKey 生成带 X25519 签名的 signed prekey
-            const signedPreKey = await KeyHelper.generateSignedPreKey(identity.signalIdentity, keyId);
-            const prekeyPublicKey = arrayBufferToUint8Array(signedPreKey.keyPair.pubKey);
-            // 注意：KeyHelper.generateSignedPreKey 返回的 prekey 已经带有 0x05 前缀了
-            // 不要再次 encodeX25519PublicKey，否则会有双重前缀！
-            const prefixedPublicKey = prekeyPublicKey;
-            // 双棘轮库已经生成了 X25519 签名，直接使用
-            const signature = arrayBufferToUint8Array(signedPreKey.signature);
-            await this.store.storePreKey(keyId, signedPreKey.keyPair);
-            await this.store.storeSignedPreKey(keyId, signedPreKey.keyPair);
+            const existingPreKey = await this.store.loadPreKey(keyId);
+            if (existingPreKey) {
+                const pubKeyBytes = new Uint8Array(existingPreKey.pubKey);
+                const publicKeyBase64 = bytesToBase64(pubKeyBytes);
+                const signResult = await Account.Instance().signData(userAddress, pubKeyBytes);
+                const signature = Buffer.from(signResult.signature.slice(2), "hex");
+                prekeys.push({
+                    keyId,
+                    publicKey: publicKeyBase64,
+                    signature: bytesToBase64(signature),
+                });
+                continue;
+            }
+            const preKey = await KeyHelper.generatePreKey(keyId);
+            const pubKeyBytes = new Uint8Array(preKey.keyPair.pubKey);
+            const signResult = await Account.Instance().signData(userAddress, pubKeyBytes);
+            const signature = Buffer.from(signResult.signature.slice(2), "hex");
+            await this.store.storePreKey(keyId, preKey.keyPair);
             prekeys.push({
                 keyId,
-                publicKey: bytesToBase64(prefixedPublicKey),
+                publicKey: bytesToBase64(pubKeyBytes),
                 signature: bytesToBase64(signature),
             });
         }
@@ -153,44 +246,30 @@ export class MessengerSession {
     }
     /**
      * 确保服务器上有足够可用的预密钥
-     *
-     * 逻辑：查询服务器当前预密钥数量，按需生成并上传，补充到服务器最大容量
      */
     async ensurePreKeys(userAddress, force = false) {
-        // 1. 查询服务器当前预密钥状态
         const status = await this.serverClient.getPrekeyStatus(userAddress);
-        // 2. 如果服务器已满且非强制模式，直接返回
         if (!force && status.currentCount >= status.maxAllowed) {
-            throw new MessengerError(MessengerErrorCode.PREKEYS_FULL, `Prekeys already full on server: ${status.currentCount}/${status.maxAllowed}`);
+            return;
         }
-        // 3. 计算需要补充的数量
         const needCount = status.maxAllowed - status.currentCount;
         if (needCount <= 0) {
-            /*console.log(
-                `No need to refill prekeys, server has ${status.currentCount}/${status.maxAllowed}`,
-            );*/
             return;
         }
-        /*console.log(
-            `Refilling prekeys: server has ${status.currentCount}/${status.maxAllowed}, need ${needCount}`,
-        );*/
-        // 4. 确保身份已初始化
         await this.ensureIdentity(userAddress);
-        // 5. 生成所需数量的预密钥
-        const prekeys = await this.generatePreKeyBatch(needCount);
-        // 6. 获取账户信息用于签名
+        const prekeys = await this.generatePreKeyBatch(needCount, userAddress);
+        if (prekeys.length === 0) {
+            return;
+        }
         const account = await Account.Instance().get(userAddress, false);
         if (!account?.pubkey) {
             throw new MessengerError(MessengerErrorCode.IDENTITY_NOT_FOUND, `Account not found for ${userAddress}`);
         }
-        // 7. 构造上传请求（包含签名）
-        // 8. 生成签名
         const timestamp = Date.now();
         const nonce = this.generateNonce();
         const message = `upload_prekeys:${account.pubkey}:${timestamp}:${nonce}`;
         const signResult = await Account.Instance().signData(userAddress, message);
         const signature = Buffer.from(signResult.signature.slice(2), "hex");
-        // 9. 上传预密钥（服务器会自动丢弃超过最大数量的部分）
         await this.serverClient.uploadPreKeys({
             userAddress,
             prekeys,
@@ -212,185 +291,220 @@ export class MessengerSession {
     /**
      * 建立与对方的会话
      */
-    async establishSession(myAddress, peerAddress, peerDeviceId = DEFAULT_DEVICE_ID) {
+    async establishSession(myAddress, peerAddress, peerDeviceId = DEFAULT_DEVICE_ID, remoteBundle) {
         const protocolAddress = new SignalProtocolAddress(peerAddress, peerDeviceId);
-        // 检查是否已有会话
         const existingSession = await this.store.loadSession(protocolAddress.toString());
         if (existingSession) {
             return;
         }
-        // 获取账户信息以生成签名
-        const account = await Account.Instance().get(myAddress, false);
-        if (!account?.pubkey) {
-            throw new MessengerError(MessengerErrorCode.IDENTITY_NOT_FOUND, `Account not found for ${myAddress}`);
+        if (!remoteBundle) {
+            const account = await Account.Instance().get(myAddress, false);
+            if (!account?.pubkey) {
+                throw new MessengerError(MessengerErrorCode.IDENTITY_NOT_FOUND, `Account not found for ${myAddress}`);
+            }
+            const timestamp = Date.now();
+            const nonce = this.generateNonce();
+            const publicKeyWithFlag = account.pubkey;
+            const message = `get_bundle:${myAddress}:${timestamp}:${nonce}`;
+            const signResult = await Account.Instance().signData(myAddress, message);
+            const signature = Buffer.from(signResult.signature.slice(2), "hex");
+            remoteBundle = await this.serverClient.fetchRemoteBundle(peerAddress, myAddress, publicKeyWithFlag, {
+                signatureScheme: "ED25519",
+                signature: bytesToBase64(new Uint8Array(signature)),
+                timestamp,
+                nonce,
+            }, peerDeviceId);
         }
-        // 构造签名
-        const timestamp = Date.now();
-        const nonce = this.generateNonce();
-        const publicKeyWithFlag = account.pubkey;
-        // 签名格式: get_bundle:{address}:{timestamp}:{nonce}
-        const message = `get_bundle:${myAddress}:${timestamp}:${nonce}`;
-        const signResult = await Account.Instance().signData(myAddress, message);
-        const signature = Buffer.from(signResult.signature.slice(2), "hex");
-        // 获取对方密钥包（带签名验证）
-        const remoteBundle = await this.serverClient.fetchRemoteBundle(peerAddress, myAddress, publicKeyWithFlag, {
-            signatureScheme: "ED25519",
-            signature: bytesToBase64(new Uint8Array(signature)),
-            timestamp,
-            nonce,
-        }, peerDeviceId);
-        const preferredPreKey = remoteBundle.signedPrekey;
-        if (!preferredPreKey) {
+        const oneTimePreKey = remoteBundle.oneTimePrekey;
+        const signedPreKey = remoteBundle.signedPrekey;
+        if (!signedPreKey) {
             throw new MessengerError(MessengerErrorCode.IDENTITY_NOT_FOUND, `No signed prekey available for ${peerAddress}`);
         }
-        // 转换为 Signal Protocol 设备格式
         const identityKeyBytes = base64ToBytes(remoteBundle.identityKey);
-        const preKeyPublicBytes = base64ToBytes(preferredPreKey.publicKey);
-        const signatureBytes = base64ToBytes(preferredPreKey.signature);
-        // 注意：identityKey 和 signedPreKey.publicKey 都不要 decode 去掉前缀！
-        // 因为当初签名时用的就是带 0x05 前缀的原始公钥！
         const originalIdentityKeyWithPrefix = new Uint8Array(identityKeyBytes);
-        const originalPreKeyWithPrefix = new Uint8Array(preKeyPublicBytes);
+        const signedPreKeyPublicBytes = base64ToBytes(signedPreKey.publicKey);
+        const signedPreKeySignatureBytes = base64ToBytes(signedPreKey.signature);
+        const originalSignedPreKeyWithPrefix = new Uint8Array(signedPreKeyPublicBytes);
+        let oneTimePreKeyData = undefined;
+        if (oneTimePreKey) {
+            const oneTimePreKeyPublicBytes = base64ToBytes(oneTimePreKey.publicKey);
+            const originalOneTimePreKeyWithPrefix = new Uint8Array(oneTimePreKeyPublicBytes);
+            oneTimePreKeyData = {
+                keyId: oneTimePreKey.keyId,
+                publicKey: originalOneTimePreKeyWithPrefix.buffer.slice(originalOneTimePreKeyWithPrefix.byteOffset, originalOneTimePreKeyWithPrefix.byteOffset +
+                    originalOneTimePreKeyWithPrefix.byteLength),
+            };
+        }
         const device = {
             registrationId: remoteBundle.registrationId,
             identityKey: originalIdentityKeyWithPrefix.buffer.slice(originalIdentityKeyWithPrefix.byteOffset, originalIdentityKeyWithPrefix.byteOffset +
                 originalIdentityKeyWithPrefix.byteLength),
             signedPreKey: {
-                keyId: preferredPreKey.keyId,
-                publicKey: originalPreKeyWithPrefix.buffer.slice(originalPreKeyWithPrefix.byteOffset, originalPreKeyWithPrefix.byteOffset +
-                    originalPreKeyWithPrefix.byteLength),
-                signature: new Uint8Array(signatureBytes).buffer.slice(signatureBytes.byteOffset, signatureBytes.byteOffset + signatureBytes.byteLength),
+                keyId: signedPreKey.keyId,
+                publicKey: originalSignedPreKeyWithPrefix.buffer.slice(originalSignedPreKeyWithPrefix.byteOffset, originalSignedPreKeyWithPrefix.byteOffset +
+                    originalSignedPreKeyWithPrefix.byteLength),
+                signature: new Uint8Array(signedPreKeySignatureBytes).buffer.slice(signedPreKeySignatureBytes.byteOffset, signedPreKeySignatureBytes.byteOffset +
+                    signedPreKeySignatureBytes.byteLength),
             },
-            // 服务器只提供 signedPreKey，没有单独的 one-time preKey
-            // 这是可以的，Signal Protocol 支持仅使用 signedPreKey 建立会话
-            preKey: undefined,
+            preKey: oneTimePreKeyData,
         };
-        // 建立会话
         const builder = new SessionBuilder(this.store, protocolAddress);
         await builder.processPreKey(device);
-        // 显式存储对方的身份密钥，以便后续解密对方的回复
-        // 使用 protocolAddress.toString() 作为键（包含 deviceId）
         await this.store.saveIdentity(protocolAddress.toString(), device.identityKey);
     }
     /**
      * 加密消息
-     * @param myAddress 发送方地址
-     * @param peerAddress 接收方地址
-     * @param plaintext 明文
-     * @param peerDeviceId 设备ID
-     * @returns 加密后的消息（type 表示底层 Signal Protocol 消息类型：3=PreKeyMessage, 1=WhisperMessage）
      */
     async encryptMessage(myAddress, peerAddress, plaintext, peerDeviceId = DEFAULT_DEVICE_ID) {
         const protocolAddress = new SignalProtocolAddress(peerAddress, peerDeviceId);
-        // 检查是否已有会话（用于确定底层消息类型）
         const sessionKey = protocolAddress.toString();
-        const existingSession = await this.store.loadSession(sessionKey);
-        const isNewSession = !existingSession;
-        // 只有在新会话时才建立会话，避免重置已存在的会话状态
-        if (isNewSession) {
-            await this.establishSession(myAddress, peerAddress, peerDeviceId);
-        }
-        const cipher = new SessionCipher(this.store, protocolAddress);
-        const encoder = new TextEncoder();
-        const cipherMessage = await cipher.encrypt(encoder.encode(plaintext).buffer);
-        // Convert body to ArrayBuffer if it's a string
-        let bodyBuffer;
-        if (typeof cipherMessage.body === "string") {
-            const bodyBytes = Buffer.from(cipherMessage.body, "binary");
-            bodyBuffer = new Uint8Array(bodyBytes).buffer;
-        }
-        else if (cipherMessage.body) {
-            bodyBuffer = cipherMessage.body;
-        }
-        else {
-            throw new MessengerError(MessengerErrorCode.ENCRYPTION_FAILED, "Cipher message body is empty");
+        let existingSession = await this.store.loadSession(sessionKey);
+        let isNewSession = !existingSession;
+        let retryCount = 0;
+        const maxRetries = 2;
+        while (retryCount <= maxRetries) {
+            try {
+                if (isNewSession) {
+                    console.log(`[Session] 建立新会话 (尝试 ${retryCount + 1}/${maxRetries + 1})`);
+                    const account = await Account.Instance().get(myAddress, false);
+                    if (!account?.pubkey) {
+                        throw new MessengerError(MessengerErrorCode.IDENTITY_NOT_FOUND, `Account not found for ${myAddress}`);
+                    }
+                    const timestamp = Date.now();
+                    const nonce = this.generateNonce();
+                    const publicKeyWithFlag = account.pubkey;
+                    const message = `get_bundle:${myAddress}:${timestamp}:${nonce}`;
+                    const signResult = await Account.Instance().signData(myAddress, message);
+                    const signature = Buffer.from(signResult.signature.slice(2), "hex");
+                    const remoteBundle = await this.serverClient.fetchRemoteBundle(peerAddress, myAddress, publicKeyWithFlag, {
+                        signatureScheme: "ED25519",
+                        signature: bytesToBase64(new Uint8Array(signature)),
+                        timestamp,
+                        nonce,
+                    }, peerDeviceId);
+                    await this.establishSession(myAddress, peerAddress, peerDeviceId, remoteBundle);
+                }
+                const cipher = new SessionCipher(this.store, protocolAddress);
+                const encoder = new TextEncoder();
+                const cipherMessage = await cipher.encrypt(encoder.encode(plaintext).buffer);
+                let bodyBuffer;
+                if (typeof cipherMessage.body === "string") {
+                    const bodyBytes = Buffer.from(cipherMessage.body, "binary");
+                    bodyBuffer = new Uint8Array(bodyBytes).buffer;
+                }
+                else if (cipherMessage.body) {
+                    bodyBuffer = cipherMessage.body;
+                }
+                else {
+                    throw new MessengerError(MessengerErrorCode.ENCRYPTION_FAILED, "Cipher message body is empty");
+                }
+                return {
+                    type: cipherMessage.type,
+                    body: bodyBuffer,
+                    registrationId: cipherMessage.registrationId,
+                };
+            }
+            catch (error) {
+                console.error(`[Session] 加密失败 (尝试 ${retryCount + 1}/${maxRetries + 1}):`, error);
+                if (retryCount >= maxRetries) {
+                    throw error;
+                }
+                console.log(`[Session] 尝试删除旧会话并重新建立...`);
+                try {
+                    if (existingSession) {
+                        await this.store.removeSession(sessionKey);
+                        existingSession = undefined;
+                    }
+                    isNewSession = true;
+                    retryCount++;
+                    await new Promise((resolve) => setTimeout(resolve, 100));
+                }
+                catch (rebuildError) {
+                    console.error(`[Session] 重新建立会话失败:`, rebuildError);
+                    throw error;
+                }
+            }
         }
-        // 使用 SessionCipher 返回的消息类型（1 或 3）
-        // SessionCipher 根据 session.pendingPreKey 是否存在来决定消息类型
-        /*const msgType = cipherMessage.type === 3 ? "PREKEY" : "WHISPER";
-        console.log(
-            `[Session Debug] 加密完成: msgType=${msgType}(${cipherMessage.type}), bodyLength=${bodyBuffer.byteLength}, isNewSession=${isNewSession}`,
-        );*/
-        return {
-            type: cipherMessage.type,
-            body: bodyBuffer,
-            registrationId: cipherMessage.registrationId,
-        };
+        throw new MessengerError(MessengerErrorCode.ENCRYPTION_FAILED, "Encryption failed after multiple attempts");
     }
     /**
      * 解密消息
      */
     async decryptMessage(myAddress, peerAddress, ciphertext, msgType, peerDeviceId = DEFAULT_DEVICE_ID) {
         const protocolAddress = new SignalProtocolAddress(peerAddress, peerDeviceId);
-        // Signal 协议中，接收方直接使用自己的私钥解密消息
-        // decryptPreKeyWhisperMessage 会自动处理会话建立，不需要预先获取发送方的密钥包
-        // 发送方使用接收方的预密钥公钥加密，接收方使用自己的预密钥私钥解密
-        const cipher = new SessionCipher(this.store, protocolAddress);
-        const decoder = new TextDecoder();
-        // 检查会话状态
         const sessionKey = protocolAddress.toString();
-        const existingSession = await this.store.loadSession(sessionKey);
-        let plaintextBuffer;
-        const ciphertextArray = new Uint8Array(ciphertext);
+        let existingSession = await this.store.loadSession(sessionKey);
+        const decoder = new TextDecoder();
         let ciphertextBinary = "";
+        const ciphertextArray = new Uint8Array(ciphertext);
         for (let i = 0; i < ciphertextArray.length; i++) {
             ciphertextBinary += String.fromCharCode(ciphertextArray[i]);
         }
-        try {
-            if (msgType === MessageType.PREKEY_MESSAGE) {
-                // 【新增】如果已有会话，说明对方重置了会话，需要删除旧会话
-                if (existingSession) {
-                    await this.store.removeSession(sessionKey);
-                    // 重新创建 cipher（使用更新后的 store）
-                    const newCipher = new SessionCipher(this.store, protocolAddress);
-                    plaintextBuffer =
-                        await newCipher.decryptPreKeyWhisperMessage(ciphertextBinary, "binary");
+        let retryCount = 0;
+        const maxRetries = 2;
+        while (retryCount <= maxRetries) {
+            try {
+                const cipher = new SessionCipher(this.store, protocolAddress);
+                let plaintextBuffer;
+                if (msgType === MessageType.PREKEY_MESSAGE) {
+                    console.log(`[Session] 收到 PREKEY_MESSAGE，发送方想用新的 PreKey Bundle 建立会话`);
+                    if (existingSession && retryCount === 0) {
+                        console.log(`[Session] 检测到已有会话，但收到 PREKEY_MESSAGE，先删除旧会话以建立新会话`);
+                        await this.store.removeSession(sessionKey);
+                        existingSession = undefined;
+                    }
+                    plaintextBuffer = await cipher.decryptPreKeyWhisperMessage(ciphertextBinary, "binary");
+                    console.log(`[Session] PREKEY_MESSAGE 解密成功，新会话已建立`);
                 }
                 else {
-                    plaintextBuffer = await cipher.decryptPreKeyWhisperMessage(ciphertextBinary, "binary");
+                    plaintextBuffer = await cipher.decryptWhisperMessage(ciphertextBinary, "binary");
                 }
+                return decoder.decode(plaintextBuffer);
             }
-            else {
-                // 解密前检查会话状态
-                /*const sessionBefore = await this.store.loadSession(sessionKey);
-                console.log(
-                    `[Session Debug] 解密前会话状态: ${sessionBefore ? "存在" : "不存在"}`,
-                );*/
-                plaintextBuffer = await cipher.decryptWhisperMessage(ciphertextBinary, "binary");
-                // 解密后检查会话状态
-                /*const sessionAfter = await this.store.loadSession(sessionKey);
-                console.log(
-                    `[Session Debug] 解密后会话状态: ${sessionAfter ? "存在" : "不存在"}`,
-                );*/
-            }
-        }
-        catch (error) {
-            /*console.error(`[Session Debug] 解密失败:`);
-            console.error(
-                `  错误类型: ${error instanceof Error ? error.constructor.name : typeof error}`,
-            );
-            console.error(
-                `  错误消息: ${error instanceof Error ? error.message : String(error)}`,
-            );
-            if (error instanceof Error && error.stack) {
-                console.error(`  堆栈: ${error.stack.split("\n")[0]}`);
+            catch (error) {
+                console.error(`[Session Debug] 解密失败 (尝试 ${retryCount + 1}/${maxRetries + 1}):`);
+                console.error(`  错误类型: ${error instanceof Error ? error.constructor.name : typeof error}`);
+                console.error(`  错误消息: ${error instanceof Error ? error.message : String(error)}`);
+                if (error instanceof Error && error.stack) {
+                    console.error(`  堆栈: ${error.stack.split("\n")[0]}`);
+                }
+                console.error(`  上下文:`);
+                console.error(`    - myAddress: ${myAddress}`);
+                console.error(`    - peerAddress: ${peerAddress}`);
+                console.error(`    - msgType: ${msgType} (${msgType === MessageType.PREKEY_MESSAGE ? "PREKEY" : "WHISPER"})`);
+                console.error(`    - sessionKey: ${sessionKey}`);
+                console.error(`    - existingSession: ${existingSession ? "存在" : "不存在"}`);
+                console.error(`    - ciphertext.length: ${ciphertext.byteLength}`);
+                const identityKey = await this.store.getIdentityKeyPair();
+                const regId = await this.store.getLocalRegistrationId();
+                console.error(`    - identityKey: ${identityKey ? "存在" : "缺失"}`);
+                console.error(`    - registrationId: ${regId}`);
+                if (retryCount >= maxRetries) {
+                    throw error;
+                }
+                console.log(`[Session] 尝试重新建立会话...`);
+                try {
+                    if (existingSession) {
+                        console.log(`[Session] 删除旧会话`);
+                        await this.store.removeSession(sessionKey);
+                        existingSession = undefined;
+                    }
+                    if (msgType === MessageType.PREKEY_MESSAGE) {
+                        console.log(`[Session] 收到的是 PREKEY_MESSAGE，等待发送方的 PreKey 即可重建会话`);
+                    }
+                    else {
+                        console.log(`[Session] 收到的是 WHISPER_MESSAGE，需要让对方重新发送 PREKEY_MESSAGE`);
+                    }
+                    retryCount++;
+                    await new Promise((resolve) => setTimeout(resolve, 100));
+                }
+                catch (rebuildError) {
+                    console.error(`[Session] 重新建立会话失败:`, rebuildError);
+                    throw error;
+                }
             }
-            console.error(`  上下文:`);
-            console.error(`    - myAddress: ${myAddress}`);
-            console.error(`    - peerAddress: ${peerAddress}`);
-            console.error(
-                `    - msgType: ${msgType} (${msgType === MessageType.PREKEY_MESSAGE ? "PREKEY" : "WHISPER"})`,
-            );
-            console.error(`    - sessionKey: ${sessionKey}`);
-            console.error(
-                `    - existingSession: ${existingSession ? "存在" : "不存在"}`,
-            );
-            console.error(`    - ciphertext.length: ${ciphertext.byteLength}`);
-            */
-            console.log("error:", error);
-            throw error;
         }
-        return decoder.decode(plaintextBuffer);
+        throw new MessengerError(MessengerErrorCode.DECRYPTION_FAILED, "Decryption failed after multiple attempts");
     }
     /**
      * 获取本地身份公钥