wowok 2.1.17 → 2.1.19

package/dist/cjs/w/messenger/session.js

@@ -10,11 +10,17 @@
  * 3. 消息加密和解密
  */
 import { KeyHelper, SessionBuilder, SessionCipher, SignalProtocolAddress, } from "libsignal-protocol-typescript";
-import { Account } from "../local/account.js";
 import { SignalProtocolStorage } from "./storage.js";
 import { MessengerServerClient } from "./server.js";
 import { recoverXed25519FromX25519PrivateKey, arrayBufferToUint8Array, bytesToBase64, base64ToBytes, } from "./crypto.js";
 import { MessageType, DEFAULT_MESSENGER_CONFIG, MessengerError, MessengerErrorCode, DEFAULT_DEVICE_ID, } from "./types.js";
+// 动态导入 Account 以避免循环依赖
+// eslint-disable-next-line import/no-cycle
+async function getAccount() {
+    // eslint-disable-next-line import/no-cycle
+    const { Account } = await import("../local/account.js");
+    return Account.Instance();
+}
 export class MessengerSession {
     store;
     serverClient;
@@ -53,7 +59,7 @@ export class MessengerSession {
             throw new MessengerError(MessengerErrorCode.IDENTITY_NOT_FOUND, "userAddress is required to derive identity");
         }
         // 从 Account 派生 X25519 密钥对
-        const { privateKey, publicKey } = await Account.Instance().deriveX25519KeyPair(userAddress);
+        const { privateKey, publicKey } = await (await getAccount()).deriveX25519KeyPair(userAddress);
         // 生成注册 ID（可以从公钥派生，确保确定性）
         const registrationId = this.deriveRegistrationId(publicKey);
         // 转换为 Signal Protocol 格式
@@ -62,8 +68,8 @@ export class MessengerSession {
         prefixedPublicKey[0] = 0x05; // Signal Protocol 标准前缀
         prefixedPublicKey.set(publicKey, 1);
         const signalIdentity = {
-            privKey: privateKey.buffer.slice(privateKey.byteOffset, privateKey.byteOffset + privateKey.byteLength),
-            pubKey: prefixedPublicKey.buffer.slice(prefixedPublicKey.byteOffset, prefixedPublicKey.byteOffset + prefixedPublicKey.byteLength),
+            privKey: privateKey.slice().buffer,
+            pubKey: prefixedPublicKey.slice().buffer,
         };
         await this.store.setIdentity(signalIdentity, registrationId);
         const xed25519 = recoverXed25519FromX25519PrivateKey(privateKey);
@@ -89,61 +95,153 @@ export class MessengerSession {
      */
     async registerDevice(userAddress) {
         const identity = await this.ensureIdentity(userAddress);
-        // 首次注册时上传最大数量的预密钥
-        const prekeys = await this.generatePreKeyBatch(this.config.prekey_count);
-        // 注意：KeyHelper.generateIdentityKeyPair 返回的 identityKey 已经带有 0x05 前缀了
-        // 不要再次 encodeX25519PublicKey，否则会有双重前缀！
+        const signedPreKeyId = 1;
+        let signedPreKey;
+        let signedPreKeyPublicKey;
+        let signedPreKeySignature;
+        let isNewKey = false;
+        // 【关键修复】使用带签名的存储方法
+        const existingSignedPreKey = await this.store.loadSignedPreKeyWithSignature(signedPreKeyId);
+        if (existingSignedPreKey) {
+            signedPreKeyPublicKey = arrayBufferToUint8Array(existingSignedPreKey.pubKey);
+            signedPreKeySignature = arrayBufferToUint8Array(existingSignedPreKey.signature);
+            signedPreKey = {
+                keyId: signedPreKeyId,
+                keyPair: {
+                    pubKey: existingSignedPreKey.pubKey,
+                    privKey: existingSignedPreKey.privKey,
+                },
+                signature: existingSignedPreKey.signature,
+            };
+        }
+        else {
+            signedPreKey = await KeyHelper.generateSignedPreKey(identity.signalIdentity, signedPreKeyId);
+            signedPreKeyPublicKey = arrayBufferToUint8Array(signedPreKey.keyPair.pubKey);
+            signedPreKeySignature = arrayBufferToUint8Array(signedPreKey.signature);
+            isNewKey = true;
+        }
+        // 生成 One-Time PreKeys（暂不保存）
+        const oneTimePrekeys = await this.generatePreKeyBatch(this.config.prekey_count, userAddress);
         const prefixedIdentityKey = arrayBufferToUint8Array(identity.signalIdentity.pubKey);
-        // 获取账户信息用于签名
-        const account = await Account.Instance().get(userAddress, false);
+        const account = await (await getAccount()).get(userAddress, false);
         if (!account?.pubkey) {
             throw new MessengerError(MessengerErrorCode.IDENTITY_NOT_FOUND, `Account not found for ${userAddress}`);
         }
-        // 构造签名
         const timestamp = Date.now();
         const nonce = this.generateNonce();
         const message = `register:${account.pubkey}:${timestamp}:${nonce}`;
-        const signResult = await Account.Instance().signData(userAddress, message);
+        const signResult = await (await getAccount()).signData(userAddress, message);
         const signature = Buffer.from(signResult.signature.slice(2), "hex");
         const registerRequest = {
             userAddress,
             deviceId: DEFAULT_DEVICE_ID,
             registrationId: identity.registrationId,
             identityKey: bytesToBase64(prefixedIdentityKey),
-            prekeys,
+            signedPrekey: {
+                keyId: signedPreKeyId,
+                publicKey: bytesToBase64(signedPreKeyPublicKey),
+                signature: bytesToBase64(signedPreKeySignature),
+            },
+            prekeys: oneTimePrekeys,
             publicKey: account.pubkey,
             signatureScheme: "ED25519",
             signature: bytesToBase64(signature),
             timestamp,
             nonce,
         };
+        console.log(`[Session Debug] Sending register request to server...`);
         await this.serverClient.registerDevice(registerRequest);
+        console.log(`[Session Debug] Server register request successful!`);
+        console.log(`[Session Debug] Verifying registration complete...`);
+        await this.verifyRegistrationComplete(userAddress);
+        console.log(`[Session Debug] Registration verification complete!`);
+        // 【关键修复】只有是新 key 时才保存到本地数据库（包含签名）
+        if (isNewKey) {
+            await this.store.storeSignedPreKeyWithSignature(signedPreKeyId, signedPreKey.keyPair, signedPreKeySignature.buffer.slice(0));
+        }
     }
     /**
-     * 生成预密钥批次
+     * 验证注册是否完成
+     * 轮询检查服务器是否已存在该用户
      */
-    async generatePreKeyBatch(count) {
+    async verifyRegistrationComplete(userAddress, maxRetries = 10, retryDelay = 500) {
+        for (let i = 0; i < maxRetries; i++) {
+            try {
+                const status = await this.serverClient.getPrekeyStatus(userAddress);
+                // 如果成功获取状态，说明注册已完成
+                console.log(`Registration verified for ${userAddress}, prekeys: ${status.currentCount}/${status.maxAllowed}`);
+                return;
+            }
+            catch (error) {
+                // 如果是 404，说明注册还没完成，继续等待
+                if (error?.message?.includes("404") || error?.status === 404) {
+                    if (i < maxRetries - 1) {
+                        console.log(`Waiting for registration to complete... (${i + 1}/${maxRetries})`);
+                        await new Promise((resolve) => setTimeout(resolve, retryDelay));
+                        continue;
+                    }
+                }
+                // 其他错误，抛出
+                throw error;
+            }
+        }
+        throw new MessengerError(MessengerErrorCode.REGISTRATION_FAILED, `Registration verification failed after ${maxRetries} attempts`);
+    }
+    /**
+     * 检查设备是否已在服务器上注册
+     * 通过查询服务器上的预密钥状态来判断
+     */
+    async isDeviceRegistered(userAddress) {
+        try {
+            // 检查本地是否有 signedPreKey（使用带签名的方法）
+            const signedPreKey = await this.store.loadSignedPreKeyWithSignature(1);
+            if (!signedPreKey) {
+                return false;
+            }
+            // 尝试从服务器获取预密钥状态
+            const _status = await this.serverClient.getPrekeyStatus(userAddress);
+            return true;
+        }
+        catch (error) {
+            // 如果是 404，说明设备未注册
+            if (error?.message?.includes("404") || error?.status === 404) {
+                return false;
+            }
+            return false;
+        }
+    }
+    /**
+     * 生成预密钥批次（One-Time PreKeys）
+     */
+    async generatePreKeyBatch(count, userAddress) {
         if (count <= 0)
             return [];
-        const identity = await this.ensureIdentity();
         const meta = await this.store.getMeta();
         let nextPreKeyId = meta.nextPreKeyId || 1;
         const prekeys = [];
         for (let i = 0; i < count; i++) {
             const keyId = nextPreKeyId + i;
-            // 使用双棘轮库的 KeyHelper.generateSignedPreKey 生成带 X25519 签名的 signed prekey
-            const signedPreKey = await KeyHelper.generateSignedPreKey(identity.signalIdentity, keyId);
-            const prekeyPublicKey = arrayBufferToUint8Array(signedPreKey.keyPair.pubKey);
-            // 注意：KeyHelper.generateSignedPreKey 返回的 prekey 已经带有 0x05 前缀了
-            // 不要再次 encodeX25519PublicKey，否则会有双重前缀！
-            const prefixedPublicKey = prekeyPublicKey;
-            // 双棘轮库已经生成了 X25519 签名，直接使用
-            const signature = arrayBufferToUint8Array(signedPreKey.signature);
-            await this.store.storePreKey(keyId, signedPreKey.keyPair);
-            await this.store.storeSignedPreKey(keyId, signedPreKey.keyPair);
+            const existingPreKey = await this.store.loadPreKey(keyId);
+            if (existingPreKey) {
+                const pubKeyBytes = new Uint8Array(existingPreKey.pubKey);
+                const publicKeyBase64 = bytesToBase64(pubKeyBytes);
+                const signResult = await (await getAccount()).signData(userAddress, pubKeyBytes);
+                const signature = Buffer.from(signResult.signature.slice(2), "hex");
+                prekeys.push({
+                    keyId,
+                    publicKey: publicKeyBase64,
+                    signature: bytesToBase64(signature),
+                });
+                continue;
+            }
+            const preKey = await KeyHelper.generatePreKey(keyId);
+            const pubKeyBytes = new Uint8Array(preKey.keyPair.pubKey);
+            const signResult = await (await getAccount()).signData(userAddress, pubKeyBytes);
+            const signature = Buffer.from(signResult.signature.slice(2), "hex");
+            await this.store.storePreKey(keyId, preKey.keyPair);
             prekeys.push({
                 keyId,
-                publicKey: bytesToBase64(prefixedPublicKey),
+                publicKey: bytesToBase64(pubKeyBytes),
                 signature: bytesToBase64(signature),
             });
         }
@@ -153,44 +251,30 @@ export class MessengerSession {
     }
     /**
      * 确保服务器上有足够可用的预密钥
-     *
-     * 逻辑：查询服务器当前预密钥数量，按需生成并上传，补充到服务器最大容量
      */
     async ensurePreKeys(userAddress, force = false) {
-        // 1. 查询服务器当前预密钥状态
         const status = await this.serverClient.getPrekeyStatus(userAddress);
-        // 2. 如果服务器已满且非强制模式，直接返回
         if (!force && status.currentCount >= status.maxAllowed) {
-            throw new MessengerError(MessengerErrorCode.PREKEYS_FULL, `Prekeys already full on server: ${status.currentCount}/${status.maxAllowed}`);
+            return;
         }
-        // 3. 计算需要补充的数量
         const needCount = status.maxAllowed - status.currentCount;
         if (needCount <= 0) {
-            /*console.log(
-                `No need to refill prekeys, server has ${status.currentCount}/${status.maxAllowed}`,
-            );*/
             return;
         }
-        /*console.log(
-            `Refilling prekeys: server has ${status.currentCount}/${status.maxAllowed}, need ${needCount}`,
-        );*/
-        // 4. 确保身份已初始化
         await this.ensureIdentity(userAddress);
-        // 5. 生成所需数量的预密钥
-        const prekeys = await this.generatePreKeyBatch(needCount);
-        // 6. 获取账户信息用于签名
-        const account = await Account.Instance().get(userAddress, false);
+        const prekeys = await this.generatePreKeyBatch(needCount, userAddress);
+        if (prekeys.length === 0) {
+            return;
+        }
+        const account = await (await getAccount()).get(userAddress, false);
         if (!account?.pubkey) {
             throw new MessengerError(MessengerErrorCode.IDENTITY_NOT_FOUND, `Account not found for ${userAddress}`);
         }
-        // 7. 构造上传请求（包含签名）
-        // 8. 生成签名
         const timestamp = Date.now();
         const nonce = this.generateNonce();
         const message = `upload_prekeys:${account.pubkey}:${timestamp}:${nonce}`;
-        const signResult = await Account.Instance().signData(userAddress, message);
+        const signResult = await (await getAccount()).signData(userAddress, message);
         const signature = Buffer.from(signResult.signature.slice(2), "hex");
-        // 9. 上传预密钥（服务器会自动丢弃超过最大数量的部分）
         await this.serverClient.uploadPreKeys({
             userAddress,
             prekeys,
@@ -212,185 +296,255 @@ export class MessengerSession {
     /**
      * 建立与对方的会话
      */
-    async establishSession(myAddress, peerAddress, peerDeviceId = DEFAULT_DEVICE_ID) {
+    async establishSession(myAddress, peerAddress, peerDeviceId = DEFAULT_DEVICE_ID, remoteBundle) {
         const protocolAddress = new SignalProtocolAddress(peerAddress, peerDeviceId);
-        // 检查是否已有会话
         const existingSession = await this.store.loadSession(protocolAddress.toString());
         if (existingSession) {
             return;
         }
-        // 获取账户信息以生成签名
-        const account = await Account.Instance().get(myAddress, false);
-        if (!account?.pubkey) {
-            throw new MessengerError(MessengerErrorCode.IDENTITY_NOT_FOUND, `Account not found for ${myAddress}`);
+        if (!remoteBundle) {
+            const account = await (await getAccount()).get(myAddress, false);
+            if (!account?.pubkey) {
+                throw new MessengerError(MessengerErrorCode.IDENTITY_NOT_FOUND, `Account not found for ${myAddress}`);
+            }
+            const timestamp = Date.now();
+            const nonce = this.generateNonce();
+            const publicKeyWithFlag = account.pubkey;
+            const message = `get_bundle:${myAddress}:${timestamp}:${nonce}`;
+            const signResult = await (await getAccount()).signData(myAddress, message);
+            const signature = Buffer.from(signResult.signature.slice(2), "hex");
+            remoteBundle = await this.serverClient.fetchRemoteBundle(peerAddress, myAddress, publicKeyWithFlag, {
+                signatureScheme: "ED25519",
+                signature: bytesToBase64(new Uint8Array(signature)),
+                timestamp,
+                nonce,
+            }, peerDeviceId);
         }
-        // 构造签名
-        const timestamp = Date.now();
-        const nonce = this.generateNonce();
-        const publicKeyWithFlag = account.pubkey;
-        // 签名格式: get_bundle:{address}:{timestamp}:{nonce}
-        const message = `get_bundle:${myAddress}:${timestamp}:${nonce}`;
-        const signResult = await Account.Instance().signData(myAddress, message);
-        const signature = Buffer.from(signResult.signature.slice(2), "hex");
-        // 获取对方密钥包（带签名验证）
-        const remoteBundle = await this.serverClient.fetchRemoteBundle(peerAddress, myAddress, publicKeyWithFlag, {
-            signatureScheme: "ED25519",
-            signature: bytesToBase64(new Uint8Array(signature)),
-            timestamp,
-            nonce,
-        }, peerDeviceId);
-        const preferredPreKey = remoteBundle.signedPrekey;
-        if (!preferredPreKey) {
+        const oneTimePreKey = remoteBundle.oneTimePrekey;
+        const signedPreKey = remoteBundle.signedPrekey;
+        if (!signedPreKey) {
             throw new MessengerError(MessengerErrorCode.IDENTITY_NOT_FOUND, `No signed prekey available for ${peerAddress}`);
         }
-        // 转换为 Signal Protocol 设备格式
         const identityKeyBytes = base64ToBytes(remoteBundle.identityKey);
-        const preKeyPublicBytes = base64ToBytes(preferredPreKey.publicKey);
-        const signatureBytes = base64ToBytes(preferredPreKey.signature);
-        // 注意：identityKey 和 signedPreKey.publicKey 都不要 decode 去掉前缀！
-        // 因为当初签名时用的就是带 0x05 前缀的原始公钥！
         const originalIdentityKeyWithPrefix = new Uint8Array(identityKeyBytes);
-        const originalPreKeyWithPrefix = new Uint8Array(preKeyPublicBytes);
+        const signedPreKeyPublicBytes = base64ToBytes(signedPreKey.publicKey);
+        const signedPreKeySignatureBytes = base64ToBytes(signedPreKey.signature);
+        const originalSignedPreKeyWithPrefix = new Uint8Array(signedPreKeyPublicBytes);
+        let oneTimePreKeyData = undefined;
+        if (oneTimePreKey) {
+            const oneTimePreKeyPublicBytes = base64ToBytes(oneTimePreKey.publicKey);
+            const originalOneTimePreKeyWithPrefix = new Uint8Array(oneTimePreKeyPublicBytes);
+            oneTimePreKeyData = {
+                keyId: oneTimePreKey.keyId,
+                publicKey: originalOneTimePreKeyWithPrefix.buffer.slice(originalOneTimePreKeyWithPrefix.byteOffset, originalOneTimePreKeyWithPrefix.byteOffset +
+                    originalOneTimePreKeyWithPrefix.byteLength),
+            };
+        }
         const device = {
             registrationId: remoteBundle.registrationId,
             identityKey: originalIdentityKeyWithPrefix.buffer.slice(originalIdentityKeyWithPrefix.byteOffset, originalIdentityKeyWithPrefix.byteOffset +
                 originalIdentityKeyWithPrefix.byteLength),
             signedPreKey: {
-                keyId: preferredPreKey.keyId,
-                publicKey: originalPreKeyWithPrefix.buffer.slice(originalPreKeyWithPrefix.byteOffset, originalPreKeyWithPrefix.byteOffset +
-                    originalPreKeyWithPrefix.byteLength),
-                signature: new Uint8Array(signatureBytes).buffer.slice(signatureBytes.byteOffset, signatureBytes.byteOffset + signatureBytes.byteLength),
+                keyId: signedPreKey.keyId,
+                publicKey: originalSignedPreKeyWithPrefix.buffer.slice(originalSignedPreKeyWithPrefix.byteOffset, originalSignedPreKeyWithPrefix.byteOffset +
+                    originalSignedPreKeyWithPrefix.byteLength),
+                signature: new Uint8Array(signedPreKeySignatureBytes).buffer.slice(signedPreKeySignatureBytes.byteOffset, signedPreKeySignatureBytes.byteOffset +
+                    signedPreKeySignatureBytes.byteLength),
             },
-            // 服务器只提供 signedPreKey，没有单独的 one-time preKey
-            // 这是可以的，Signal Protocol 支持仅使用 signedPreKey 建立会话
-            preKey: undefined,
+            preKey: oneTimePreKeyData,
         };
-        // 建立会话
         const builder = new SessionBuilder(this.store, protocolAddress);
         await builder.processPreKey(device);
-        // 显式存储对方的身份密钥，以便后续解密对方的回复
-        // 使用 protocolAddress.toString() 作为键（包含 deviceId）
         await this.store.saveIdentity(protocolAddress.toString(), device.identityKey);
     }
     /**
      * 加密消息
-     * @param myAddress 发送方地址
-     * @param peerAddress 接收方地址
-     * @param plaintext 明文
-     * @param peerDeviceId 设备ID
-     * @returns 加密后的消息（type 表示底层 Signal Protocol 消息类型：3=PreKeyMessage, 1=WhisperMessage）
      */
     async encryptMessage(myAddress, peerAddress, plaintext, peerDeviceId = DEFAULT_DEVICE_ID) {
         const protocolAddress = new SignalProtocolAddress(peerAddress, peerDeviceId);
-        // 检查是否已有会话（用于确定底层消息类型）
         const sessionKey = protocolAddress.toString();
-        const existingSession = await this.store.loadSession(sessionKey);
-        const isNewSession = !existingSession;
-        // 只有在新会话时才建立会话，避免重置已存在的会话状态
-        if (isNewSession) {
-            await this.establishSession(myAddress, peerAddress, peerDeviceId);
-        }
-        const cipher = new SessionCipher(this.store, protocolAddress);
-        const encoder = new TextEncoder();
-        const cipherMessage = await cipher.encrypt(encoder.encode(plaintext).buffer);
-        // Convert body to ArrayBuffer if it's a string
-        let bodyBuffer;
-        if (typeof cipherMessage.body === "string") {
-            const bodyBytes = Buffer.from(cipherMessage.body, "binary");
-            bodyBuffer = new Uint8Array(bodyBytes).buffer;
-        }
-        else if (cipherMessage.body) {
-            bodyBuffer = cipherMessage.body;
-        }
-        else {
-            throw new MessengerError(MessengerErrorCode.ENCRYPTION_FAILED, "Cipher message body is empty");
+        let existingSession = await this.store.loadSession(sessionKey);
+        let isNewSession = !existingSession;
+        let retryCount = 0;
+        const maxRetries = 5; // 【用户要求】加大容错窗口，让消息可以重试更多次
+        while (retryCount <= maxRetries) {
+            try {
+                if (isNewSession) {
+                    console.log(`[Session] 建立新会话 (尝试 ${retryCount + 1}/${maxRetries + 1})`);
+                    const account = await (await getAccount()).get(myAddress, false);
+                    if (!account?.pubkey) {
+                        throw new MessengerError(MessengerErrorCode.IDENTITY_NOT_FOUND, `Account not found for ${myAddress}`);
+                    }
+                    const timestamp = Date.now();
+                    const nonce = this.generateNonce();
+                    const publicKeyWithFlag = account.pubkey;
+                    const message = `get_bundle:${myAddress}:${timestamp}:${nonce}`;
+                    const signResult = await (await getAccount()).signData(myAddress, message);
+                    const signature = Buffer.from(signResult.signature.slice(2), "hex");
+                    const remoteBundle = await this.serverClient.fetchRemoteBundle(peerAddress, myAddress, publicKeyWithFlag, {
+                        signatureScheme: "ED25519",
+                        signature: bytesToBase64(new Uint8Array(signature)),
+                        timestamp,
+                        nonce,
+                    }, peerDeviceId);
+                    await this.establishSession(myAddress, peerAddress, peerDeviceId, remoteBundle);
+                }
+                const cipher = new SessionCipher(this.store, protocolAddress);
+                const encoder = new TextEncoder();
+                const cipherMessage = await cipher.encrypt(encoder.encode(plaintext).buffer);
+                let bodyBuffer;
+                if (typeof cipherMessage.body === "string") {
+                    const bodyBytes = Buffer.from(cipherMessage.body, "binary");
+                    bodyBuffer = new Uint8Array(bodyBytes).buffer;
+                }
+                else if (cipherMessage.body) {
+                    bodyBuffer = cipherMessage.body;
+                }
+                else {
+                    throw new MessengerError(MessengerErrorCode.ENCRYPTION_FAILED, "Cipher message body is empty");
+                }
+                return {
+                    type: cipherMessage.type,
+                    body: bodyBuffer,
+                    registrationId: cipherMessage.registrationId,
+                };
+            }
+            catch (error) {
+                console.error(`[Session] 加密失败 (尝试 ${retryCount + 1}/${maxRetries + 1}):`, error);
+                if (retryCount >= maxRetries) {
+                    throw error;
+                }
+                console.log(`[Session] 尝试删除旧会话并重新建立...`);
+                try {
+                    if (existingSession) {
+                        await this.store.removeSession(sessionKey);
+                        existingSession = undefined;
+                    }
+                    isNewSession = true;
+                    retryCount++;
+                    await new Promise((resolve) => setTimeout(resolve, 100));
+                }
+                catch (rebuildError) {
+                    console.error(`[Session] 重新建立会话失败:`, rebuildError);
+                    throw error;
+                }
+            }
         }
-        // 使用 SessionCipher 返回的消息类型（1 或 3）
-        // SessionCipher 根据 session.pendingPreKey 是否存在来决定消息类型
-        /*const msgType = cipherMessage.type === 3 ? "PREKEY" : "WHISPER";
-        console.log(
-            `[Session Debug] 加密完成: msgType=${msgType}(${cipherMessage.type}), bodyLength=${bodyBuffer.byteLength}, isNewSession=${isNewSession}`,
-        );*/
-        return {
-            type: cipherMessage.type,
-            body: bodyBuffer,
-            registrationId: cipherMessage.registrationId,
-        };
+        throw new MessengerError(MessengerErrorCode.ENCRYPTION_FAILED, "Encryption failed after multiple attempts");
     }
     /**
      * 解密消息
      */
     async decryptMessage(myAddress, peerAddress, ciphertext, msgType, peerDeviceId = DEFAULT_DEVICE_ID) {
         const protocolAddress = new SignalProtocolAddress(peerAddress, peerDeviceId);
-        // Signal 协议中，接收方直接使用自己的私钥解密消息
-        // decryptPreKeyWhisperMessage 会自动处理会话建立，不需要预先获取发送方的密钥包
-        // 发送方使用接收方的预密钥公钥加密，接收方使用自己的预密钥私钥解密
-        const cipher = new SessionCipher(this.store, protocolAddress);
-        const decoder = new TextDecoder();
-        // 检查会话状态
         const sessionKey = protocolAddress.toString();
-        const existingSession = await this.store.loadSession(sessionKey);
-        let plaintextBuffer;
-        const ciphertextArray = new Uint8Array(ciphertext);
+        let existingSession = await this.store.loadSession(sessionKey);
+        const decoder = new TextDecoder();
         let ciphertextBinary = "";
+        const ciphertextArray = new Uint8Array(ciphertext);
         for (let i = 0; i < ciphertextArray.length; i++) {
             ciphertextBinary += String.fromCharCode(ciphertextArray[i]);
         }
-        try {
-            if (msgType === MessageType.PREKEY_MESSAGE) {
-                // 【新增】如果已有会话，说明对方重置了会话，需要删除旧会话
-                if (existingSession) {
-                    await this.store.removeSession(sessionKey);
-                    // 重新创建 cipher（使用更新后的 store）
-                    const newCipher = new SessionCipher(this.store, protocolAddress);
-                    plaintextBuffer =
-                        await newCipher.decryptPreKeyWhisperMessage(ciphertextBinary, "binary");
+        let retryCount = 0;
+        const maxRetries = 5; // 【用户要求】加大容错窗口，让消息可以重试更多次
+        // 【新增】如果是 WHISPER_MESSAGE 且没有现有会话，直接抛出可重试错误
+        if (msgType !== MessageType.PREKEY_MESSAGE && !existingSession) {
+            console.log(`[Session] 收到 WHISPER_MESSAGE 但无现有会话，需要等待 PREKEY_MESSAGE`);
+            throw new Error("收到 WHISPER_MESSAGE 但无现有会话，需要等待 PREKEY_MESSAGE");
+        }
+        while (retryCount <= maxRetries) {
+            try {
+                const cipher = new SessionCipher(this.store, protocolAddress);
+                let plaintextBuffer;
+                if (msgType === MessageType.PREKEY_MESSAGE) {
+                    console.log(`[Session] 收到 PREKEY_MESSAGE，尝试解密 (尝试 ${retryCount + 1}/${maxRetries + 1})`);
+                    try {
+                        // 【用户要求】先用尝试解密（真解密可能推动会话密钥变更，极度重要！）
+                        plaintextBuffer =
+                            await cipher.decryptPreKeyWhisperMessage(ciphertextBinary, "binary");
+                        console.log(`[Session] PREKEY_MESSAGE 解密成功！`);
+                        return decoder.decode(plaintextBuffer);
+                    }
+                    catch (decryptError) {
+                        console.log(`[Session] 直接解密 PREKEY_MESSAGE 失败: ${decryptError instanceof Error ? decryptError.message : String(decryptError)}`);
+                        // 如果解密失败，再处理 PREKEY 竞争的情况（但只在第一次尝试时处理）
+                        if (existingSession && retryCount === 0) {
+                            // 【用户要求】PREKEY 竞争时，双方始终优先以小地址发送的消息为最终依据
+                            const myAddr = myAddress.toLowerCase();
+                            const peerAddr = peerAddress.toLowerCase();
+                            if (myAddr < peerAddr) {
+                                // 我的地址较小，保留我的会话！不处理这个 PREKEY_MESSAGE，稍后重试
+                                console.log(`[Session] 我的地址较小 (${myAddr} < ${peerAddr})，保留我的会话，稍后重试`);
+                                throw new Error("PREKEY 竞争：我的地址较小，保留我的会话");
+                            }
+                            else {
+                                // 我的地址较大，删除我的会话，用对方的 PREKEY_MESSAGE 建立新会话
+                                console.log(`[Session] 我的地址较大 (${myAddr} > ${peerAddr})，删除我的会话，用对方的 PREKEY_MESSAGE 建立新会话`);
+                                await this.store.removeSession(sessionKey);
+                                existingSession = undefined;
+                                // 现在删除了会话，重新尝试解密
+                                console.log(`[Session] 已删除旧会话，重新尝试解密...`);
+                                plaintextBuffer =
+                                    await cipher.decryptPreKeyWhisperMessage(ciphertextBinary, "binary");
+                                console.log(`[Session] PREKEY_MESSAGE 解密成功，新会话已建立`);
+                                return decoder.decode(plaintextBuffer);
+                            }
+                        }
+                        else {
+                            // 没有现有会话，或者不是第一次尝试，重新抛出解密错误
+                            throw decryptError;
+                        }
+                    }
                 }
                 else {
-                    plaintextBuffer = await cipher.decryptPreKeyWhisperMessage(ciphertextBinary, "binary");
+                    plaintextBuffer = await cipher.decryptWhisperMessage(ciphertextBinary, "binary");
                 }
+                return decoder.decode(plaintextBuffer);
             }
-            else {
-                // 解密前检查会话状态
-                /*const sessionBefore = await this.store.loadSession(sessionKey);
-                console.log(
-                    `[Session Debug] 解密前会话状态: ${sessionBefore ? "存在" : "不存在"}`,
-                );*/
-                plaintextBuffer = await cipher.decryptWhisperMessage(ciphertextBinary, "binary");
-                // 解密后检查会话状态
-                /*const sessionAfter = await this.store.loadSession(sessionKey);
-                console.log(
-                    `[Session Debug] 解密后会话状态: ${sessionAfter ? "存在" : "不存在"}`,
-                );*/
-            }
-        }
-        catch (error) {
-            /*console.error(`[Session Debug] 解密失败:`);
-            console.error(
-                `  错误类型: ${error instanceof Error ? error.constructor.name : typeof error}`,
-            );
-            console.error(
-                `  错误消息: ${error instanceof Error ? error.message : String(error)}`,
-            );
-            if (error instanceof Error && error.stack) {
-                console.error(`  堆栈: ${error.stack.split("\n")[0]}`);
+            catch (error) {
+                console.error(`[Session Debug] 解密失败 (尝试 ${retryCount + 1}/${maxRetries + 1}):`);
+                console.error(`  错误类型: ${error instanceof Error ? error.constructor.name : typeof error}`);
+                console.error(`  错误消息: ${error instanceof Error ? error.message : String(error)}`);
+                if (error instanceof Error && error.stack) {
+                    console.error(`  堆栈: ${error.stack.split("\n")[0]}`);
+                }
+                console.error(`  上下文:`);
+                console.error(`    - myAddress: ${myAddress}`);
+                console.error(`    - peerAddress: ${peerAddress}`);
+                console.error(`    - msgType: ${msgType} (${msgType === MessageType.PREKEY_MESSAGE ? "PREKEY" : "WHISPER"})`);
+                console.error(`    - sessionKey: ${sessionKey}`);
+                console.error(`    - existingSession: ${existingSession ? "存在" : "不存在"}`);
+                console.error(`    - ciphertext.length: ${ciphertext.byteLength}`);
+                const identityKey = await this.store.getIdentityKeyPair();
+                const regId = await this.store.getLocalRegistrationId();
+                console.error(`    - identityKey: ${identityKey ? "存在" : "缺失"}`);
+                console.error(`    - registrationId: ${regId}`);
+                if (retryCount >= maxRetries) {
+                    throw error;
+                }
+                console.log(`[Session] 尝试重新建立会话...`);
+                try {
+                    if (existingSession) {
+                        console.log(`[Session] 删除旧会话`);
+                        await this.store.removeSession(sessionKey);
+                        existingSession = undefined;
+                    }
+                    if (msgType === MessageType.PREKEY_MESSAGE) {
+                        console.log(`[Session] 收到的是 PREKEY_MESSAGE，等待发送方的 PreKey 即可重建会话`);
+                    }
+                    else {
+                        console.log(`[Session] 收到的是 WHISPER_MESSAGE，需要让对方重新发送 PREKEY_MESSAGE`);
+                    }
+                    retryCount++;
+                    await new Promise((resolve) => setTimeout(resolve, 100));
+                }
+                catch (rebuildError) {
+                    console.error(`[Session] 重新建立会话失败:`, rebuildError);
+                    throw error;
+                }
             }
-            console.error(`  上下文:`);
-            console.error(`    - myAddress: ${myAddress}`);
-            console.error(`    - peerAddress: ${peerAddress}`);
-            console.error(
-                `    - msgType: ${msgType} (${msgType === MessageType.PREKEY_MESSAGE ? "PREKEY" : "WHISPER"})`,
-            );
-            console.error(`    - sessionKey: ${sessionKey}`);
-            console.error(
-                `    - existingSession: ${existingSession ? "存在" : "不存在"}`,
-            );
-            console.error(`    - ciphertext.length: ${ciphertext.byteLength}`);
-            */
-            console.log("error:", error);
-            throw error;
         }
-        return decoder.decode(plaintextBuffer);
+        throw new MessengerError(MessengerErrorCode.DECRYPTION_FAILED, "Decryption failed after multiple attempts");
     }
     /**
      * 获取本地身份公钥
@@ -407,4 +561,160 @@ export class MessengerSession {
         return identity.registrationId;
     }
 }
+export class SessionStateManager {
+    store;
+    constructor(store) {
+        this.store = store;
+    }
+    /**
+     * 保存会话快照
+     */
+    async snapshotSession(sessionKey) {
+        const sessionData = await this.store.loadSession(sessionKey);
+        return {
+            sessionData: sessionData || null,
+            timestamp: Date.now(),
+        };
+    }
+    /**
+     * 回滚会话状态
+     */
+    async rollbackSession(sessionKey, snapshot) {
+        if (snapshot.sessionData) {
+            await this.store.storeSession(sessionKey, snapshot.sessionData);
+            console.log(`[SessionState] 回滚会话: ${sessionKey}`);
+        }
+        else {
+            await this.store.removeSession(sessionKey);
+            console.log(`[SessionState] 清除会话: ${sessionKey}`);
+        }
+    }
+    /**
+     * 提交会话状态（保留新会话）
+     */
+    async commitSession(_sessionKey) {
+        // 新会话已经在 decrypt 过程中保存到存储
+        // 这里可以添加额外的确认逻辑
+        console.log(`[SessionState] 提交新会话`);
+    }
+}
+export class DecryptionEngine {
+    sessionManager;
+    store;
+    constructor(store) {
+        this.store = store;
+        this.sessionManager = new SessionStateManager(store);
+    }
+    /**
+     * 统一解密入口
+     */
+    async decryptMessage(myAddress, peerAddress, ciphertext, msgType, peerDeviceId = DEFAULT_DEVICE_ID) {
+        const protocolAddress = new SignalProtocolAddress(peerAddress, peerDeviceId);
+        const sessionKey = protocolAddress.toString();
+        // 1. 保存会话快照（用于回滚）
+        const snapshot = await this.sessionManager.snapshotSession(sessionKey);
+        try {
+            if (msgType === MessageType.PREKEY_MESSAGE) {
+                return await this.handlePreKeyMessage(myAddress, peerAddress, ciphertext, protocolAddress, sessionKey, snapshot);
+            }
+            else {
+                return await this.handleWhisperMessage(myAddress, peerAddress, ciphertext, protocolAddress, sessionKey, snapshot);
+            }
+        }
+        catch (error) {
+            // 发生错误，回滚会话
+            await this.sessionManager.rollbackSession(sessionKey, snapshot);
+            return {
+                success: false,
+                sessionUpdated: false,
+                sessionRolledBack: true,
+                messageType: msgType === MessageType.PREKEY_MESSAGE
+                    ? "PREKEY"
+                    : "WHISPER",
+                error: error instanceof Error ? error.message : String(error),
+            };
+        }
+    }
+    /**
+     * 处理 PREKEY_MESSAGE
+     */
+    async handlePreKeyMessage(myAddress, peerAddress, ciphertext, protocolAddress, sessionKey, snapshot) {
+        console.log(`[Decrypt] 处理 PREKEY_MESSAGE from ${peerAddress}`);
+        const cipher = new SessionCipher(this.store, protocolAddress);
+        const decoder = new TextDecoder();
+        // 尝试解密（这会可能建立新会话）
+        const ciphertextBinary = this.arrayBufferToBinary(ciphertext);
+        const plaintextBuffer = await cipher.decryptPreKeyWhisperMessage(ciphertextBinary, "binary");
+        const plaintext = decoder.decode(plaintextBuffer);
+        console.log(`[Decrypt] PREKEY_MESSAGE 解密成功`);
+        // 地址优先级判断
+        const myAddr = myAddress.toLowerCase();
+        const peerAddr = peerAddress.toLowerCase();
+        if (myAddr < peerAddr) {
+            // 我是小地址，我的会话优先
+            // 回滚到之前的会话状态
+            await this.sessionManager.rollbackSession(sessionKey, snapshot);
+            console.log(`[Decrypt] 小地址(${myAddr})优先，回滚会话，但消息已解密`);
+            return {
+                success: true,
+                plaintext,
+                sessionUpdated: false,
+                sessionRolledBack: true,
+                messageType: "PREKEY",
+            };
+        }
+        else {
+            // 我是大地址，接受对方的会话
+            await this.sessionManager.commitSession(sessionKey);
+            console.log(`[Decrypt] 大地址(${myAddr})接受新会话`);
+            return {
+                success: true,
+                plaintext,
+                sessionUpdated: true,
+                sessionRolledBack: false,
+                messageType: "PREKEY",
+            };
+        }
+    }
+    /**
+     * 处理 WHISPER_MESSAGE
+     */
+    async handleWhisperMessage(_myAddress, peerAddress, ciphertext, protocolAddress, sessionKey, snapshot) {
+        console.log(`[Decrypt] 处理 WHISPER_MESSAGE from ${peerAddress}`);
+        // 检查是否有现有会话
+        const existingSession = await this.store.loadSession(sessionKey);
+        if (!existingSession) {
+            console.log(`[Decrypt] 无会话，WHISPER_MESSAGE 需要等待 PREKEY`);
+            await this.sessionManager.rollbackSession(sessionKey, snapshot);
+            return {
+                success: false,
+                sessionUpdated: false,
+                sessionRolledBack: false,
+                messageType: "WHISPER",
+                error: "NO_SESSION",
+            };
+        }
+        const cipher = new SessionCipher(this.store, protocolAddress);
+        const decoder = new TextDecoder();
+        // 尝试解密
+        const ciphertextBinary = this.arrayBufferToBinary(ciphertext);
+        const plaintextBuffer = await cipher.decryptWhisperMessage(ciphertextBinary, "binary");
+        console.log(`[Decrypt] WHISPER_MESSAGE 解密成功`);
+        return {
+            success: true,
+            plaintext: decoder.decode(plaintextBuffer),
+            sessionUpdated: true,
+            sessionRolledBack: false,
+            messageType: "WHISPER",
+        };
+    }
+    arrayBufferToBinary(buffer) {
+        const array = new Uint8Array(buffer);
+        let binary = "";
+        for (let i = 0; i < array.length; i++) {
+            binary += String.fromCharCode(array[i]);
+        }
+        return binary;
+    }
+}
 //# sourceMappingURL=session.js.map