Files
InfiniteAPI/src/Utils/decode-wa-message.ts
T
Claude 9dccb4c9ad fix: address PR #144 code review feedback
Addresses all concerns raised by Copilot and Codex reviewers:

**Type Safety (Copilot #1)**:
- Remove dynamic property access `logger[logLevel]`
- Use explicit if/else with proper type checking

**Visibility (Codex #1)**:
- Non-retry errors (protobuf, parsing) always log as ERROR
- Remove warn downgrade for unexpected errors

**Defensive Coding (Copilot #3)**:
- Use `String(originalError?.message ?? originalError)`
- Prevents crashes on undefined/null message property

**Scope Creep (Codex #2)**:
- Add stack trace validation to console.log override
- Only suppress logs originating from libsignal module
- Prevents affecting unrelated application logs

**Logic Clarity (Copilot #2)**:
- Clarify that onRetry hooks handle intermediate logging
- Maintain clear distinction between retry vs non-retry errors

https://claude.ai/code/session_01SoNUGBEWbJwWWws3F2fuzh
2026-02-11 04:52:38 +00:00

549 lines
16 KiB
TypeScript

import { Boom } from '@hapi/boom'
import { proto } from '../../WAProto/index.js'
import type { WAMessage, WAMessageKey } from '../Types'
import type { SignalRepositoryWithLIDStore } from '../Types/Signal'
import {
areJidsSameUser,
type BinaryNode,
isHostedLidUser,
isHostedPnUser,
isJidBroadcast,
isJidGroup,
isJidMetaAI,
isJidNewsletter,
isJidStatusBroadcast,
isLidUser,
isPnUser,
jidDecode
// transferDevice
} from '../WABinary'
import { unpadRandomMax16 } from './generics'
import type { ILogger } from './logger'
import { retry, type RetryOptions, RetryExhaustedError } from './retry-utils'
export const getDecryptionJid = async (sender: string, repository: SignalRepositoryWithLIDStore): Promise<string> => {
if (isLidUser(sender) || isHostedLidUser(sender)) {
return sender
}
const mapped = await repository.lidMapping.getLIDForPN(sender)
return mapped || sender
}
const storeMappingFromEnvelope = async (
stanza: BinaryNode,
sender: string,
repository: SignalRepositoryWithLIDStore,
decryptionJid: string,
logger: ILogger
): Promise<void> => {
// TODO: Handle hosted IDs
const { senderAlt } = extractAddressingContext(stanza)
if (senderAlt && isLidUser(senderAlt) && isPnUser(sender) && decryptionJid === sender) {
try {
await repository.lidMapping.storeLIDPNMappings([{ lid: senderAlt, pn: sender }])
await repository.migrateSession(sender, senderAlt)
logger.debug({ sender, senderAlt }, 'Stored LID mapping from envelope')
} catch (error) {
logger.warn({ sender, senderAlt, error }, 'Failed to store LID mapping')
}
}
}
export const NO_MESSAGE_FOUND_ERROR_TEXT = 'Message absent from node'
export const MISSING_KEYS_ERROR_TEXT = 'Key used already or never filled'
export const BAD_MAC_ERROR_TEXT = 'Bad MAC'
// Retry configuration for failed decryption
export const DECRYPTION_RETRY_CONFIG = {
maxRetries: 3,
baseDelayMs: 100,
sessionRecordErrors: ['No session record', 'SessionError: No session record'],
corruptedSessionErrors: ['Bad MAC', 'MessageCounterError', MISSING_KEYS_ERROR_TEXT]
}
/**
* Retry options for decryption operations
* Uses exponential backoff with jitter to handle transient failures
*/
export const DECRYPTION_RETRY_OPTIONS: RetryOptions = {
maxAttempts: 3,
baseDelay: 200, // 200ms base delay
maxDelay: 2000, // 2s max delay
backoffStrategy: 'exponential',
backoffMultiplier: 2,
jitter: 0.2, // 20% jitter
collectMetrics: false, // No Prometheus metrics
operationName: 'message_decryption',
shouldRetry: (error: Error, attempt: number) => {
const errorMsg = error?.message || ''
// Always retry on session record errors (session might be syncing)
if (DECRYPTION_RETRY_CONFIG.sessionRecordErrors.some(err => errorMsg.includes(err))) {
return attempt < 3 // Retry up to 3 times
}
// Don't retry on corrupted session errors (need cleanup first)
if (DECRYPTION_RETRY_CONFIG.corruptedSessionErrors.some(err => errorMsg.includes(err))) {
return false
}
// Retry other transient errors
return attempt < 2 // Retry up to 2 times for unknown errors
}
}
export const NACK_REASONS = {
ParsingError: 487,
UnrecognizedStanza: 488,
UnrecognizedStanzaClass: 489,
UnrecognizedStanzaType: 490,
InvalidProtobuf: 491,
InvalidHostedCompanionStanza: 493,
MissingMessageSecret: 495,
SignalErrorOldCounter: 496,
MessageDeletedOnPeer: 499,
UnhandledError: 500,
UnsupportedAdminRevoke: 550,
UnsupportedLIDGroup: 551,
DBOperationFailed: 552,
CorruptedSession: 553
}
type MessageType =
| 'chat'
| 'peer_broadcast'
| 'other_broadcast'
| 'group'
| 'direct_peer_status'
| 'other_status'
| 'newsletter'
export const extractAddressingContext = (stanza: BinaryNode) => {
let senderAlt: string | undefined
let recipientAlt: string | undefined
const sender = stanza.attrs.participant || stanza.attrs.from
const addressingMode = stanza.attrs.addressing_mode || (sender?.endsWith('lid') ? 'lid' : 'pn')
if (addressingMode === 'lid') {
// Message is LID-addressed: sender is LID, extract corresponding PN
// without device data
senderAlt = stanza.attrs.participant_pn || stanza.attrs.sender_pn || stanza.attrs.peer_recipient_pn
recipientAlt = stanza.attrs.recipient_pn
// with device data
//if (sender && senderAlt) senderAlt = transferDevice(sender, senderAlt)
} else {
// Message is PN-addressed: sender is PN, extract corresponding LID
// without device data
senderAlt = stanza.attrs.participant_lid || stanza.attrs.sender_lid || stanza.attrs.peer_recipient_lid
recipientAlt = stanza.attrs.recipient_lid
//with device data
//if (sender && senderAlt) senderAlt = transferDevice(sender, senderAlt)
}
return {
addressingMode,
senderAlt,
recipientAlt
}
}
/**
* Decode the received node as a message.
* @note this will only parse the message, not decrypt it
*/
export function decodeMessageNode(stanza: BinaryNode, meId: string, meLid: string) {
let msgType: MessageType
let chatId: string
let author: string
let fromMe = false
const msgId = stanza.attrs.id
const from = stanza.attrs.from
if (!from) {
throw new Boom('Missing from attribute in message', { data: stanza })
}
const participant: string | undefined = stanza.attrs.participant
const recipient: string | undefined = stanza.attrs.recipient
const addressingContext = extractAddressingContext(stanza)
const isMe = (jid: string) => areJidsSameUser(jid, meId)
const isMeLid = (jid: string) => areJidsSameUser(jid, meLid)
if (isPnUser(from) || isLidUser(from) || isHostedLidUser(from) || isHostedPnUser(from)) {
if (recipient && !isJidMetaAI(recipient)) {
if (!isMe(from) && !isMeLid(from)) {
throw new Boom('receipient present, but msg not from me', { data: stanza })
}
if (isMe(from) || isMeLid(from)) {
fromMe = true
}
chatId = recipient
} else {
chatId = from
}
msgType = 'chat'
author = from
} else if (isJidGroup(from)) {
if (!participant) {
throw new Boom('No participant in group message')
}
if (isMe(participant) || isMeLid(participant)) {
fromMe = true
}
msgType = 'group'
author = participant
chatId = from
} else if (isJidBroadcast(from)) {
if (!participant) {
throw new Boom('No participant in group message')
}
const isParticipantMe = isMe(participant)
if (isJidStatusBroadcast(from)) {
msgType = isParticipantMe ? 'direct_peer_status' : 'other_status'
} else {
msgType = isParticipantMe ? 'peer_broadcast' : 'other_broadcast'
}
fromMe = isParticipantMe
chatId = from
author = participant
} else if (isJidNewsletter(from)) {
msgType = 'newsletter'
chatId = from
author = from
if (isMe(from) || isMeLid(from)) {
fromMe = true
}
} else {
throw new Boom('Unknown message type', { data: stanza })
}
const pushname = stanza?.attrs?.notify
const key: WAMessageKey = {
remoteJid: chatId,
remoteJidAlt: !isJidGroup(chatId) ? addressingContext.senderAlt : undefined,
fromMe,
id: msgId,
participant,
participantAlt: isJidGroup(chatId) ? addressingContext.senderAlt : undefined,
addressingMode: addressingContext.addressingMode,
...(msgType === 'newsletter' && stanza.attrs.server_id ? { server_id: stanza.attrs.server_id } : {})
}
const fullMessage: WAMessage = {
key,
category: stanza.attrs.category,
messageTimestamp: +(stanza.attrs.t ?? 0),
pushName: pushname,
broadcast: isJidBroadcast(from)
}
if (key.fromMe) {
fullMessage.status = proto.WebMessageInfo.Status.SERVER_ACK
}
return {
fullMessage,
author,
sender: msgType === 'chat' ? author : chatId
}
}
export const decryptMessageNode = (
stanza: BinaryNode,
meId: string,
meLid: string,
repository: SignalRepositoryWithLIDStore,
logger: ILogger,
autoCleanCorrupted: boolean = true
) => {
const { fullMessage, author, sender } = decodeMessageNode(stanza, meId, meLid)
return {
fullMessage,
category: stanza.attrs.category,
author,
async decrypt() {
let decryptables = 0
if (Array.isArray(stanza.content)) {
for (const { tag, attrs, content } of stanza.content) {
if (tag === 'verified_name' && content instanceof Uint8Array) {
const cert = proto.VerifiedNameCertificate.decode(content)
if (cert.details) {
const details = proto.VerifiedNameCertificate.Details.decode(cert.details)
fullMessage.verifiedBizName = details.verifiedName
}
}
if (tag === 'unavailable' && attrs.type === 'view_once') {
fullMessage.key.isViewOnce = true // TODO: remove from here and add a STUB TYPE
}
if (attrs.count && tag === 'enc') {
fullMessage.retryCount = Number(attrs.count)
}
if (tag !== 'enc' && tag !== 'plaintext') {
continue
}
if (!(content instanceof Uint8Array)) {
continue
}
decryptables += 1
let msgBuffer: Uint8Array
const decryptionJid = await getDecryptionJid(author, repository)
if (tag !== 'plaintext') {
// TODO: Handle hosted devices
await storeMappingFromEnvelope(stanza, author, repository, decryptionJid, logger)
}
try {
const e2eType = tag === 'plaintext' ? 'plaintext' : attrs.type
// Wrap decryption in retry logic for transient failures
switch (e2eType) {
case 'skmsg':
msgBuffer = await retry(
() => repository.decryptGroupMessage({
group: sender,
authorJid: author,
msg: content
}),
{
...DECRYPTION_RETRY_OPTIONS,
onRetry: (error, attempt, delay) => {
logger.debug(
{ error: error.message, attempt, delay, group: sender, author },
'Retrying group message decryption'
)
}
}
)
break
case 'pkmsg':
case 'msg':
msgBuffer = await retry(
() => repository.decryptMessage({
jid: decryptionJid,
type: e2eType,
ciphertext: content
}),
{
...DECRYPTION_RETRY_OPTIONS,
onRetry: (error, attempt, delay) => {
logger.debug(
{ error: error.message, attempt, delay, jid: decryptionJid, type: e2eType },
'Retrying message decryption'
)
}
}
)
break
case 'plaintext':
msgBuffer = content
break
default:
throw new Error(`Unknown e2e type: ${e2eType}`)
}
let msg: proto.IMessage = proto.Message.decode(
e2eType !== 'plaintext' ? unpadRandomMax16(msgBuffer) : msgBuffer
)
msg = msg.deviceSentMessage?.message || msg
if (msg.senderKeyDistributionMessage) {
//eslint-disable-next-line max-depth
try {
await repository.processSenderKeyDistributionMessage({
authorJid: author,
item: msg.senderKeyDistributionMessage
})
} catch (err) {
logger.error({ key: fullMessage.key, err }, 'failed to process sender key distribution message')
}
}
if (fullMessage.message) {
Object.assign(fullMessage.message, msg)
} else {
fullMessage.message = msg
}
} catch (err: any) {
// Check if this is a final failure after all retries exhausted
const isRetryExhausted = err instanceof RetryExhaustedError
const originalError = isRetryExhausted ? err.originalError : err
const isCorrupted = isCorruptedSessionError(originalError)
const isSessionRecord = isSessionRecordError(originalError)
const errorContext = {
key: fullMessage.key,
err: originalError,
messageType: tag === 'plaintext' ? 'plaintext' : attrs.type,
sender,
author,
decryptionJid,
isSessionRecordError: isSessionRecord,
isCorruptedSession: isCorrupted,
...(isRetryExhausted && { retriesExhausted: true, attempts: err.attempts })
}
// Smart logging based on error type and retry status
if (isCorrupted) {
// Corrupted session errors are expected and auto-recovered
// Only log as ERROR if retries exhausted, otherwise WARN on first attempt
if (isRetryExhausted) {
logger.error(
errorContext,
`⚠️ Session corrupted and recovery failed after ${err.attempts} attempts. Auto-cleanup will attempt to recover.`
)
} else {
// First occurrence - log as warning since auto-recovery will attempt
logger.warn(
errorContext,
'⚠️ Corrupted session detected - attempting auto-recovery'
)
}
// Automatic cleanup of corrupted session (if enabled)
if (autoCleanCorrupted) {
try {
await cleanupCorruptedSession(decryptionJid, repository, logger)
logger.info(
{ decryptionJid, author },
'✅ Corrupted session cleaned up. New session will be created on next message.'
)
} catch (cleanupErr) {
logger.error(
{ decryptionJid, err: cleanupErr },
'❌ Failed to cleanup corrupted session'
)
}
}
} else if (isSessionRecord) {
// Session record errors are transient - retry should handle them
if (isRetryExhausted) {
logger.error(
errorContext,
`Failed to decrypt: No session record found after ${err.attempts} attempts`
)
} else {
logger.debug(errorContext, 'No session record - will retry')
}
} else {
// Unknown/unexpected errors (protobuf, parsing, etc.)
// These don't go through retry, so always log as ERROR
// Type-safe explicit logging instead of dynamic property access
logger.error(
errorContext,
isRetryExhausted
? `Failed to decrypt message after ${err.attempts} attempts`
: 'Failed to decrypt message'
)
}
fullMessage.messageStubType = proto.WebMessageInfo.StubType.CIPHERTEXT
// Safe coercion handling edge cases where message might be undefined
fullMessage.messageStubParameters = [String(originalError?.message ?? originalError)]
}
}
}
// if nothing was found to decrypt
if (!decryptables && !fullMessage.key?.isViewOnce) {
fullMessage.messageStubType = proto.WebMessageInfo.StubType.CIPHERTEXT
fullMessage.messageStubParameters = [NO_MESSAGE_FOUND_ERROR_TEXT]
}
}
}
}
/**
* Utility function to check if an error is related to missing session record
*/
function isSessionRecordError(error: any): boolean {
const errorMessage = error?.message || error?.toString() || ''
return DECRYPTION_RETRY_CONFIG.sessionRecordErrors.some(errorPattern => errorMessage.includes(errorPattern))
}
/**
* Utility function to check if an error indicates a corrupted session
* (Bad MAC, MessageCounterError, Key already used)
*/
export function isCorruptedSessionError(error: any): boolean {
const errorMessage = error?.message || error?.toString() || ''
return DECRYPTION_RETRY_CONFIG.corruptedSessionErrors.some(errorPattern => errorMessage.includes(errorPattern))
}
/**
* Clean up corrupted session by deleting all device sessions for a JID
* Signal Protocol will automatically recreate the session on next message
*/
async function cleanupCorruptedSession(
jid: string,
repository: SignalRepositoryWithLIDStore,
logger: ILogger
): Promise<void> {
const { user, device } = jidDecode(jid) || {}
if (!user) {
logger.warn({ jid }, 'Cannot cleanup session - invalid JID')
return
}
// Build list of JIDs to delete (primary + secondary devices)
const jidsToDelete: string[] = []
// Determine domain type correctly (handle hosted JIDs)
// JID formats:
// - PN: user@s.whatsapp.net
// - LID: user@lid
// - Hosted PN: user@hosted
// - Hosted LID: user@hosted.lid
const isLID = jid.endsWith('@lid') || jid.endsWith('@hosted.lid')
const isHosted = jid.includes('@hosted')
let domain: string
if (isLID) {
domain = isHosted ? 'hosted.lid' : 'lid'
} else {
domain = isHosted ? 'hosted' : 's.whatsapp.net'
}
// Primary device (0)
jidsToDelete.push(`${user}@${domain}`)
// Secondary devices (1-5 common range for Web/Desktop/etc)
for (let i = 1; i <= 5; i++) {
jidsToDelete.push(`${user}:${i}@${domain}`)
}
// If specific device was identified and > 5, ensure it's included
if (device !== undefined && device > 5) {
jidsToDelete.push(`${user}:${device}@${domain}`)
}
await repository.deleteSession(jidsToDelete)
logger.debug(
{ jid, user, device, deletedSessions: jidsToDelete },
'Deleted corrupted sessions for user'
)
}