Compare commits

..

10 Commits

Author SHA1 Message Date
Renato Alcara 3f4e83a8af fix: address codex/copilot review on view-once send/recv
P1 (messages-recv.ts): remove early return for <unavailable type="view_once"/>.
decryptMessageNode already handles this gracefully — decode-wa-message.ts sets
fullMessage.key.isViewOnce=true and skips the CIPHERTEXT stub (line 464).
The early return was preventing upsertMessage from emitting an event to consumers,
making view-once sends from the primary phone invisible on linked devices.

P2 (messages-send.ts): restrict isViewOnceMsg detection to actual view-once media.
Previously checked only for the presence of viewOnceMessage* wrappers, which are
also used by buttons/lists/carousels (non-view-once). Now unwraps the inner message
and checks imageMessage.viewOnce / videoMessage.viewOnce / audioMessage.viewOnce,
consistent with the detection in decode-wa-message.ts. Prevents companion DSM
filtering from incorrectly applying to interactive messages.

P3 (messages-send.ts): move assertSessions to use only the recipients actually
encrypted for. For view-once, omitted companions no longer cause assertSessions
to fail or do unnecessary session validation work.

Co-Authored-By: Renato Alcara
2026-03-23 00:35:10 -03:00
Renato Alcara d870ffb2a3 fix: handle view-once send/recv on linked devices
- messages-send.ts: for view-once messages, send DSM only to device=0
  (primary phone). Companion devices (device>0) are omitted from
  participants — the WA server generates <unavailable type="view_once"/>
  for them automatically. Sending explicit <unavailable> from a companion
  is rejected by the server and breaks delivery.
  phash is recalculated to match the actual participants sent.

- messages-recv.ts: add early return for <unavailable type="view_once"/>
  stanzas received by the companion (API). When the primary phone sends
  a view-once, linked companions receive this node with no enc content.
  Previously the code tried to decrypt it and crashed with a 500 error.

Co-Authored-By: Renato Alcara
2026-03-23 00:02:54 -03:00
Renato Alcara f6c72530a2 fix: unwrap viewOnceMessage in getMediaType so enc node gets mediatype attribute
Without this fix, view-once media (image/video/audio) was sent without
mediatype="image/video/audio" on the enc node because getMediaType only
checked the top-level message fields. The viewOnceMessage wrapper hides
the inner imageMessage, causing mediatype to be empty and WA servers to
silently drop the message on the recipient side.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-20 10:45:14 -03:00
Renato Alcara a4e7422487 fix: remove unnecessary non-null assertion on fullMessage.key
fullMessage.key is always present on WAMessage. Use consistent style
with stanza-2 handling at line 297.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-20 10:09:09 -03:00
Renato Alcara c6511d3034 fix: detect view-once media (image/video/audio) on stanza 1 for linked devices
When a view-once arrives at a linked device (InfiniteAPI), the server sends:
- Stanza 1: enc payload with full media metadata (mediaKey, directPath) wrapped in
  viewOnceMessage > imageMessage/videoMessage/audioMessage with viewOnce: true
- Stanza 2: unavailable view_once fanout placeholder (already handled)

Previously only stanza 2 set key.isViewOnce = true. Stanza 1 was emitted as
plain media with no view-once indicator, making it indistinguishable from regular
media on the consumer side (messages.upsert).

This fix inspects the decrypted proto for viewOnceMessage (v1/v2/v2Ext) wrappers
containing a media message with viewOnce=true and propagates key.isViewOnce=true.

The viewOnceMessage wrapper is also used for interactive messages (carousel,
buttons, lists) but those carry interactiveMessage/listMessage inside -- never
imageMessage.viewOnce / videoMessage.viewOnce / audioMessage.viewOnce.
The distinction is unambiguous and does not affect interactive message handling.

Verified via WA Desktop CDP capture (2026-03-19) and Android Frida DB capture
of view-once types 42/43/82 in msgstore.db (2026-03-20).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-20 09:35:26 -03:00
Renato Alcara d2db4cec97 chore: update WhatsApp Web version to v2.3000.1035595667 (#308)
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-03-20 06:31:30 -03:00
github-actions[bot] be44c5fdb0 chore: update proto/version to v2.3000.1035577069 (#307)
Co-authored-by: rsalcara <rsalcara@users.noreply.github.com>
2026-03-20 01:30:09 -03:00
Renato Alcara f63f0a766f fix: align Bad MAC retry receipt with WA Desktop behavior
fix: align Bad MAC retry receipt with WA Desktop behavior
2026-03-19 23:48:44 -03:00
Renato Alcara fbefa6a0ad fix: replace magic numbers with RetryReason enum constants
Address remaining Copilot review comments on PR #306:

- Import RetryReason enum from Utils (already re-exported via Utils/index.ts)
- Replace all numeric literals (0/1/2/3/4/7) in retryErrorCode with the
  corresponding enum members (UnknownError / SignalErrorNoSession / etc.)
- Removes inline comments that were only needed to explain magic numbers
- If RetryReason values ever change, the compiler will surface the drift

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-19 23:44:34 -03:00
Renato Alcara 9c4cdc3e02 fix: use DECRYPTION_RETRY_CONFIG constants for retry error code derivation
Address Copilot review comments on PR #306:

1. Replace ad-hoc regexes with the canonical DECRYPTION_RETRY_CONFIG error
   lists from decode-wa-message.ts (single source of truth). Any future
   additions to those lists are automatically picked up here.

2. Add coverage for MessageCounterError ('Key used already or never filled')
   which was previously returning code 0. It now correctly maps to code 4
   (SignalErrorInvalidMessage) via corruptedSessionErrors.

3. Broaden session-error matching to also catch libsignal variants like
   'No sessions', 'No open session', 'No sessions available' via the
   /no (open )?sessions?/ regex alongside sessionRecordErrors.

4. Fix comment: clarify that code 7 = BadMac and code 4 = InvalidMessage
   are distinct codes (previous comment conflated them).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-19 23:29:46 -03:00
7 changed files with 110 additions and 29 deletions
+2 -2
View File
@@ -1,7 +1,7 @@
syntax = "proto3";
package proto;
/// WhatsApp Version: 2.3000.1035484955
/// WhatsApp Version: 2.3000.1035577069
message ADVDeviceIdentity {
optional uint32 rawId = 1;
@@ -2149,7 +2149,6 @@ message LimitSharing {
CHAT_SETTING = 1;
BIZ_SUPPORTS_FB_HOSTING = 2;
UNKNOWN_GROUP = 3;
DEPRECATION = 4;
}
}
@@ -4893,6 +4892,7 @@ message SyncActionValue {
repeated SyncActionValue.BroadcastListParticipant participants = 2;
optional string listName = 3;
repeated string labelIds = 4;
optional string audienceExpression = 5;
}
message CallLogAction {
+3 -2
View File
@@ -5356,8 +5356,7 @@ export namespace proto {
UNKNOWN = 0,
CHAT_SETTING = 1,
BIZ_SUPPORTS_FB_HOSTING = 2,
UNKNOWN_GROUP = 3,
DEPRECATION = 4
UNKNOWN_GROUP = 3
}
}
@@ -12483,6 +12482,7 @@ export namespace proto {
participants?: (proto.SyncActionValue.IBroadcastListParticipant[]|null);
listName?: (string|null);
labelIds?: (string[]|null);
audienceExpression?: (string|null);
}
class BusinessBroadcastListAction implements IBusinessBroadcastListAction {
@@ -12491,6 +12491,7 @@ export namespace proto {
public participants: proto.SyncActionValue.IBroadcastListParticipant[];
public listName?: (string|null);
public labelIds: string[];
public audienceExpression?: (string|null);
public static create(properties?: proto.SyncActionValue.IBusinessBroadcastListAction): proto.SyncActionValue.BusinessBroadcastListAction;
public static encode(m: proto.SyncActionValue.IBusinessBroadcastListAction, w?: $protobuf.Writer): $protobuf.Writer;
public static decode(r: ($protobuf.Reader|Uint8Array), l?: number): proto.SyncActionValue.BusinessBroadcastListAction;
+21 -9
View File
@@ -26692,10 +26692,6 @@ export const proto = $root.proto = (() => {
case 3:
m.limitSharingTrigger = 3;
break;
case "DEPRECATION":
case 4:
m.limitSharingTrigger = 4;
break;
}
if (d.limitSharingInitiatedByMe != null) {
m.limitSharingInitiatedByMe = Boolean(d.limitSharingInitiatedByMe);
@@ -36778,10 +36774,6 @@ export const proto = $root.proto = (() => {
case 3:
m.trigger = 3;
break;
case "DEPRECATION":
case 4:
m.trigger = 4;
break;
}
if (d.limitSharingSettingTimestamp != null) {
if ($util.Long)
@@ -36846,7 +36838,6 @@ export const proto = $root.proto = (() => {
values[valuesById[1] = "CHAT_SETTING"] = 1;
values[valuesById[2] = "BIZ_SUPPORTS_FB_HOSTING"] = 2;
values[valuesById[3] = "UNKNOWN_GROUP"] = 3;
values[valuesById[4] = "DEPRECATION"] = 4;
return values;
})();
@@ -87581,6 +87572,7 @@ export const proto = $root.proto = (() => {
BusinessBroadcastListAction.prototype.participants = $util.emptyArray;
BusinessBroadcastListAction.prototype.listName = null;
BusinessBroadcastListAction.prototype.labelIds = $util.emptyArray;
BusinessBroadcastListAction.prototype.audienceExpression = null;
let $oneOfFields;
@@ -87596,6 +87588,12 @@ export const proto = $root.proto = (() => {
set: $util.oneOfSetter($oneOfFields)
});
// Virtual OneOf for proto3 optional field
Object.defineProperty(BusinessBroadcastListAction.prototype, "_audienceExpression", {
get: $util.oneOfGetter($oneOfFields = ["audienceExpression"]),
set: $util.oneOfSetter($oneOfFields)
});
BusinessBroadcastListAction.create = function create(properties) {
return new BusinessBroadcastListAction(properties);
};
@@ -87615,6 +87613,8 @@ export const proto = $root.proto = (() => {
for (var i = 0; i < m.labelIds.length; ++i)
w.uint32(34).string(m.labelIds[i]);
}
if (m.audienceExpression != null && Object.hasOwnProperty.call(m, "audienceExpression"))
w.uint32(42).string(m.audienceExpression);
return w;
};
@@ -87647,6 +87647,10 @@ export const proto = $root.proto = (() => {
m.labelIds.push(r.string());
break;
}
case 5: {
m.audienceExpression = r.string();
break;
}
default:
r.skipType(t & 7);
break;
@@ -87683,6 +87687,9 @@ export const proto = $root.proto = (() => {
m.labelIds[i] = String(d.labelIds[i]);
}
}
if (d.audienceExpression != null) {
m.audienceExpression = String(d.audienceExpression);
}
return m;
};
@@ -87716,6 +87723,11 @@ export const proto = $root.proto = (() => {
d.labelIds[j] = m.labelIds[j];
}
}
if (m.audienceExpression != null && m.hasOwnProperty("audienceExpression")) {
d.audienceExpression = m.audienceExpression;
if (o.oneofs)
d._audienceExpression = "audienceExpression";
}
return d;
};
+1 -1
View File
@@ -1 +1 @@
{"version":[2,3000,1035504971]}
{"version":[2,3000,1035595667]}
+25 -10
View File
@@ -49,9 +49,12 @@ import {
getStatusFromReceiptType,
handleIdentityChange,
hkdf,
BAD_MAC_ERROR_TEXT,
DECRYPTION_RETRY_CONFIG,
MISSING_KEYS_ERROR_TEXT,
NACK_REASONS,
NO_MESSAGE_FOUND_ERROR_TEXT,
RetryReason,
normalizeKeyLidToPn,
normalizeMessageJids,
resolveLidToPn,
@@ -1312,25 +1315,37 @@ export const makeMessagesRecvSocket = (config: SocketConfig) => {
const fromJid = node.attrs.from!
// Derive the Signal error code from the actual decryption failure message.
// This is sent in the retry receipt so the peer (even another InfiniteAPI instance)
// knows the exact reason and can recreate the session immediately instead of waiting
// for the 1-hour timeout fallback.
// Sent in the retry receipt so the peer (even another InfiniteAPI instance)
// knows the exact failure type and can recreate the session immediately
// instead of falling back to the 1-hour timeout.
//
// Codes mirror RetryReason enum in message-retry-manager.ts:
// 0 = UnknownError | 1 = NoSession | 2 = InvalidKey
// 3 = InvalidKeyId | 7 = BadMac (= SignalErrorInvalidMessage/InvalidCipherKey)
// 3 = InvalidKeyId | 4 = InvalidMessage | 7 = BadMac
//
// Uses DECRYPTION_RETRY_CONFIG error lists (single source of truth in
// decode-wa-message.ts) so additions to those lists are picked up here
// automatically.
//
// NOTE: We do NOT delete the session here (receiver side). The Signal Protocol
// recovers automatically when the sender's pkmsg arrives — it overwrites the
// corrupted session. Deleting prematurely creates a race window where no session
// exists, which can cause "No Session" errors on concurrent messages.
const retryErrorCode = (() => {
if (!decryptionError) return 0
if (/bad\s*mac/i.test(decryptionError)) return 7 // SignalErrorBadMac
if (/no\s*session/i.test(decryptionError)) return 1 // SignalErrorNoSession
if (/pre\s*key/i.test(decryptionError)) return 3 // SignalErrorInvalidKeyId
if (/invalid\s*key/i.test(decryptionError)) return 2 // SignalErrorInvalidKey
return 0
if (!decryptionError) return RetryReason.UnknownError
// Bad MAC must be checked first — it is also in corruptedSessionErrors
// but warrants the more specific code 7 over the generic code 4.
if (decryptionError.includes(BAD_MAC_ERROR_TEXT)) return RetryReason.SignalErrorBadMac
// MessageCounterError and other corrupted-session variants
if (DECRYPTION_RETRY_CONFIG.corruptedSessionErrors.some(e => decryptionError.includes(e))) return RetryReason.SignalErrorInvalidMessage
// Missing / invalid session record
if (DECRYPTION_RETRY_CONFIG.sessionRecordErrors.some(e => decryptionError.includes(e)) ||
/no\s+(open\s+)?sessions?/i.test(decryptionError)) return RetryReason.SignalErrorNoSession
// PreKey / key-id errors
if (/pre\s*key/i.test(decryptionError)) return RetryReason.SignalErrorInvalidKeyId
// Identity / key errors
if (/invalid\s*key|untrusted\s*identity/i.test(decryptionError)) return RetryReason.SignalErrorInvalidKey
return RetryReason.UnknownError
})()
if (retryCount <= 2) {
+40 -4
View File
@@ -1277,21 +1277,48 @@ export const makeMessagesSocket = (config: SocketConfig) => {
: otherRecipients
const effectiveAllRecipients = [...effectiveMeRecipients, ...effectiveOtherRecipients]
await assertSessions(effectiveAllRecipients)
// P2: detect actual view-once media by checking inner message's viewOnce flag.
// viewOnceMessage wrapper is also used for interactive messages (buttons, lists, etc)
// which do NOT carry viewOnce=true on the media — those must NOT be filtered.
const viewOnceInner =
message.viewOnceMessageV2?.message ||
message.viewOnceMessage?.message ||
message.viewOnceMessageV2Extension?.message
const isViewOnceMsg = !!(
viewOnceInner?.imageMessage?.viewOnce ||
viewOnceInner?.videoMessage?.viewOnce ||
viewOnceInner?.audioMessage?.viewOnce
)
// For view-once: only send DSM to primary phone (device=0).
// Companion devices (device>0) are omitted — WA server generates
// <unavailable type="view_once"/> for them automatically.
// Sending explicit <unavailable> from a companion is rejected by the server.
const viewOnceMeRecipients = isViewOnceMsg
? effectiveMeRecipients.filter(jid => !jidDecode(jid)?.device)
: effectiveMeRecipients
// P3: assert sessions only for recipients we actually encrypt for.
// For view-once, companions are omitted — asserting their sessions is wasteful
// and could block the send if a companion session is corrupted.
await assertSessions([...viewOnceMeRecipients, ...effectiveOtherRecipients])
const [
{ nodes: meNodes, shouldIncludeDeviceIdentity: s1 },
{ nodes: otherNodes, shouldIncludeDeviceIdentity: s2 }
] = await Promise.all([
// For own devices: use DSM (deviceSentMessage) wrapper
createParticipantNodes(effectiveMeRecipients, meMsg || message, extraAttrs),
createParticipantNodes(viewOnceMeRecipients, meMsg || message, extraAttrs),
createParticipantNodes(effectiveOtherRecipients, message, extraAttrs)
])
participants.push(...meNodes)
participants.push(...otherNodes)
if (effectiveMeRecipients.length > 0 || effectiveOtherRecipients.length > 0) {
extraAttrs['phash'] = generateParticipantHashV2(effectiveAllRecipients)
const phashRecipients = isViewOnceMsg
? [...viewOnceMeRecipients, ...effectiveOtherRecipients]
: effectiveAllRecipients
if (phashRecipients.length > 0) {
extraAttrs['phash'] = generateParticipantHashV2(phashRecipients)
}
shouldIncludeDeviceIdentity = shouldIncludeDeviceIdentity || s1 || s2
@@ -1897,6 +1924,15 @@ export const makeMessagesSocket = (config: SocketConfig) => {
}
const getMediaType = (message: proto.IMessage) => {
// For view-once media, unwrap the viewOnceMessage wrapper before checking media type
const inner =
message.viewOnceMessage?.message ||
message.viewOnceMessageV2?.message ||
message.viewOnceMessageV2Extension?.message
if (inner) {
return getMediaType(inner)
}
if (message.imageMessage) {
return 'image'
} else if (message.videoMessage) {
+17
View File
@@ -392,6 +392,23 @@ export const decryptMessageNode = (
} else {
fullMessage.message = msg
}
// Detect view-once media on stanza 1 received by linked device.
// viewOnceMessage wrapper is also used for interactive messages
// (interactiveMessage, listMessage, nativeFlowMessage) -- those do NOT have
// imageMessage.viewOnce / videoMessage.viewOnce / audioMessage.viewOnce = true.
// Only real view-once media carries viewOnce: true on the inner media message.
const viewOnceInner =
msg.viewOnceMessage?.message ||
msg.viewOnceMessageV2?.message ||
msg.viewOnceMessageV2Extension?.message
if (
viewOnceInner?.imageMessage?.viewOnce ||
viewOnceInner?.videoMessage?.viewOnce ||
viewOnceInner?.audioMessage?.viewOnce
) {
fullMessage.key.isViewOnce = true
}
} catch (err: any) {
// Check if this is a final failure after all retries exhausted
const isRetryExhausted = err instanceof RetryExhaustedError