zapo-js 1.2.0 → 1.2.1

package/dist/appstate/sync/WaAppStateSyncClient.js

@@ -717,7 +717,12 @@ class WaAppStateSyncClient {
         if (keyData !== null) {
             const expectedSnapshotMac = await this.crypto.generateSnapshotMac(keyData, ltHash, version, collection);
             if (!(0, bytes_1.uint8TimingSafeEqual)(expectedSnapshotMac, snapshot.mac)) {
-                throw new Error(`snapshot MAC mismatch for ${collection}`);
+                // Poisoned server-side snapshot (MAC unverifiable by any client):
+                // keep partial state instead of throwing, which would loop refetch forever.
+                this.logger.warn('snapshot LT-hash verification failed, continuing with partial state', {
+                    collection,
+                    version
+                });
             }
         }
         this.setCollectionState(collection, version, ltHash, indexValueMap);

package/dist/esm/appstate/sync/WaAppStateSyncClient.js

@@ -714,7 +714,12 @@ export class WaAppStateSyncClient {
         if (keyData !== null) {
             const expectedSnapshotMac = await this.crypto.generateSnapshotMac(keyData, ltHash, version, collection);
             if (!uint8TimingSafeEqual(expectedSnapshotMac, snapshot.mac)) {
-                throw new Error(`snapshot MAC mismatch for ${collection}`);
+                // Poisoned server-side snapshot (MAC unverifiable by any client):
+                // keep partial state instead of throwing, which would loop refetch forever.
+                this.logger.warn('snapshot LT-hash verification failed, continuing with partial state', {
+                    collection,
+                    version
+                });
             }
         }
         this.setCollectionState(collection, version, ltHash, indexValueMap);

package/dist/esm/util/index.js

@@ -1,4 +1,4 @@
-export { base64ToBytes, bytesToBase64, bytesToBase64UrlSafe, bytesToHex, decodeBase64Url, hexToBytes, TEXT_DECODER, toBytesView, uint8Equal } from './bytes.js';
+export { base64ToBytes, bytesToBase64, bytesToBase64UrlSafe, bytesToHex, decodeBase64Url, hexToBytes, TEXT_DECODER, toBytesView, uint8Equal, uint8TimingSafeEqual } from './bytes.js';
 export { asBytes, asNumber, asOptionalBytes, asOptionalNumber, asOptionalString, asString, resolvePositive, toBoolOrUndef } from './coercion.js';
 export { normalizeQueryLimit } from './collections.js';
 export { toError, toSafeNumber } from './primitives.js';

package/dist/util/index.d.ts

@@ -1,4 +1,4 @@
-export { base64ToBytes, bytesToBase64, bytesToBase64UrlSafe, bytesToHex, decodeBase64Url, hexToBytes, TEXT_DECODER, toBytesView, uint8Equal } from './bytes';
+export { base64ToBytes, bytesToBase64, bytesToBase64UrlSafe, bytesToHex, decodeBase64Url, hexToBytes, TEXT_DECODER, toBytesView, uint8Equal, uint8TimingSafeEqual } from './bytes';
 export { asBytes, asNumber, asOptionalBytes, asOptionalNumber, asOptionalString, asString, resolvePositive, toBoolOrUndef } from './coercion';
 export { normalizeQueryLimit } from './collections';
 export { toError, toSafeNumber } from './primitives';

package/dist/util/index.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.isBunRuntime = exports.toSafeNumber = exports.toError = exports.normalizeQueryLimit = exports.toBoolOrUndef = exports.resolvePositive = exports.asString = exports.asOptionalString = exports.asOptionalNumber = exports.asOptionalBytes = exports.asNumber = exports.asBytes = exports.uint8Equal = exports.toBytesView = exports.TEXT_DECODER = exports.hexToBytes = exports.decodeBase64Url = exports.bytesToHex = exports.bytesToBase64UrlSafe = exports.bytesToBase64 = exports.base64ToBytes = void 0;
+exports.isBunRuntime = exports.toSafeNumber = exports.toError = exports.normalizeQueryLimit = exports.toBoolOrUndef = exports.resolvePositive = exports.asString = exports.asOptionalString = exports.asOptionalNumber = exports.asOptionalBytes = exports.asNumber = exports.asBytes = exports.uint8TimingSafeEqual = exports.uint8Equal = exports.toBytesView = exports.TEXT_DECODER = exports.hexToBytes = exports.decodeBase64Url = exports.bytesToHex = exports.bytesToBase64UrlSafe = exports.bytesToBase64 = exports.base64ToBytes = void 0;
 var bytes_1 = require("./bytes");
 Object.defineProperty(exports, "base64ToBytes", { enumerable: true, get: function () { return bytes_1.base64ToBytes; } });
 Object.defineProperty(exports, "bytesToBase64", { enumerable: true, get: function () { return bytes_1.bytesToBase64; } });
@@ -11,6 +11,7 @@ Object.defineProperty(exports, "hexToBytes", { enumerable: true, get: function (
 Object.defineProperty(exports, "TEXT_DECODER", { enumerable: true, get: function () { return bytes_1.TEXT_DECODER; } });
 Object.defineProperty(exports, "toBytesView", { enumerable: true, get: function () { return bytes_1.toBytesView; } });
 Object.defineProperty(exports, "uint8Equal", { enumerable: true, get: function () { return bytes_1.uint8Equal; } });
+Object.defineProperty(exports, "uint8TimingSafeEqual", { enumerable: true, get: function () { return bytes_1.uint8TimingSafeEqual; } });
 var coercion_1 = require("./coercion");
 Object.defineProperty(exports, "asBytes", { enumerable: true, get: function () { return coercion_1.asBytes; } });
 Object.defineProperty(exports, "asNumber", { enumerable: true, get: function () { return coercion_1.asNumber; } });

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "zapo-js",
-    "version": "1.2.0",
+    "version": "1.2.1",
     "description": "High-performance WhatsApp Web TypeScript library",
     "license": "MIT",
     "author": "vinikjkkj <contact@vinicius.email> (https://github.com/vinikjkkj)",