Files
InfiniteAPI/src/Signal/libsignal.ts
T
Gustavo Quadri 194b557b0f fix: optimize LID migration performance and introduce cache (#1782)
* chore: lid-map cache, bulk migration, fixes

* fix: type error

* fix: signalrepository with lid type, remove check from assertsessions, lid-mapping store level deduplication

* fix: migrations logs

* fix: remove migrationsops lenght check

* fix: skip deletesession if cached or existing migrations

* chore: remove check migrated session

* fix: remove return null loadsession

* fix: getLIDforPN call and jidsrequiringfetch

* fix: longer lid map cache TTL

* fix: lint

* fix: lid type

* fix: lid socket type
2025-09-14 21:58:59 +03:00

410 lines
13 KiB
TypeScript

/* @ts-ignore */
import * as libsignal from 'libsignal'
import type { SignalAuthState, SignalKeyStoreWithTransaction } from '../Types'
import type { SignalRepositoryWithLIDStore } from '../Types/Signal'
import { generateSignalPubKey } from '../Utils'
import { jidDecode, transferDevice } from '../WABinary'
import type { SenderKeyStore } from './Group/group_cipher'
import { SenderKeyName } from './Group/sender-key-name'
import { SenderKeyRecord } from './Group/sender-key-record'
import { GroupCipher, GroupSessionBuilder, SenderKeyDistributionMessage } from './Group'
import { LIDMappingStore } from './lid-mapping'
export function makeLibSignalRepository(
auth: SignalAuthState,
onWhatsAppFunc?: (...jids: string[]) => Promise<
| {
jid: string
exists: boolean
lid: string
}[]
| undefined
>
): SignalRepositoryWithLIDStore {
const lidMapping = new LIDMappingStore(auth.keys as SignalKeyStoreWithTransaction, onWhatsAppFunc)
const storage = signalStorage(auth, lidMapping)
const parsedKeys = auth.keys as SignalKeyStoreWithTransaction
function isLikelySyncMessage(addr: libsignal.ProtocolAddress): boolean {
const key = addr.toString()
// Only bypass for WhatsApp system addresses, not regular user contacts
// Be very specific about sync service patterns
return (
key.includes('@lid.whatsapp.net') || // WhatsApp system messages
key.includes('@broadcast') || // Broadcast messages
key.includes('@newsletter')
)
}
const repository: SignalRepositoryWithLIDStore = {
decryptGroupMessage({ group, authorJid, msg }) {
const senderName = jidToSignalSenderKeyName(group, authorJid)
const cipher = new GroupCipher(storage, senderName)
// Use transaction to ensure atomicity
return parsedKeys.transaction(async () => {
return cipher.decrypt(msg)
}, group)
},
async processSenderKeyDistributionMessage({ item, authorJid }) {
const builder = new GroupSessionBuilder(storage)
if (!item.groupId) {
throw new Error('Group ID is required for sender key distribution message')
}
const senderName = jidToSignalSenderKeyName(item.groupId, authorJid)
const senderMsg = new SenderKeyDistributionMessage(
null,
null,
null,
null,
item.axolotlSenderKeyDistributionMessage
)
const senderNameStr = senderName.toString()
const { [senderNameStr]: senderKey } = await auth.keys.get('sender-key', [senderNameStr])
if (!senderKey) {
await storage.storeSenderKey(senderName, new SenderKeyRecord())
}
return parsedKeys.transaction(async () => {
const { [senderNameStr]: senderKey } = await auth.keys.get('sender-key', [senderNameStr])
if (!senderKey) {
await storage.storeSenderKey(senderName, new SenderKeyRecord())
}
await builder.process(senderName, senderMsg)
}, item.groupId)
},
async decryptMessage({ jid, type, ciphertext }) {
const addr = jidToSignalProtocolAddress(jid)
const session = new libsignal.SessionCipher(storage, addr)
async function doDecrypt() {
let result: Buffer
switch (type) {
case 'pkmsg':
result = await session.decryptPreKeyWhisperMessage(ciphertext)
break
case 'msg':
result = await session.decryptWhisperMessage(ciphertext)
break
}
return result
}
if (isLikelySyncMessage(addr)) {
// If it's a sync message, we can skip the transaction
// as it is likely to be a system message that doesn't require strict atomicity
return await doDecrypt()
}
// If it's not a sync message, we need to ensure atomicity
// For regular messages, we use a transaction to ensure atomicity
return parsedKeys.transaction(async () => {
return await doDecrypt()
}, jid)
},
async encryptMessage({ jid, data }) {
// LID SINGLE SOURCE OF TRUTH: Always prefer LID when available
let encryptionJid = jid
// Check for LID mapping and use it if session exists
if (jid.includes('@s.whatsapp.net')) {
const lidForPN = await lidMapping.getLIDForPN(jid)
if (lidForPN?.includes('@lid')) {
const lidAddr = jidToSignalProtocolAddress(lidForPN)
const { [lidAddr.toString()]: lidSession } = await auth.keys.get('session', [lidAddr.toString()])
if (lidSession) {
// LID session exists, use it
encryptionJid = lidForPN
} else {
// Try to migrate if PN session exists
const pnAddr = jidToSignalProtocolAddress(jid)
const { [pnAddr.toString()]: pnSession } = await auth.keys.get('session', [pnAddr.toString()])
if (pnSession) {
// Migrate PN to LID
await repository.migrateSession([jid], lidForPN)
encryptionJid = lidForPN
}
}
}
}
const addr = jidToSignalProtocolAddress(encryptionJid)
const cipher = new libsignal.SessionCipher(storage, addr)
// Use transaction to ensure atomicity
return parsedKeys.transaction(async () => {
const { type: sigType, body } = await cipher.encrypt(data)
const type = sigType === 3 ? 'pkmsg' : 'msg'
return { type, ciphertext: Buffer.from(body, 'binary') }
}, jid)
},
async encryptGroupMessage({ group, meId, data }) {
const senderName = jidToSignalSenderKeyName(group, meId)
const builder = new GroupSessionBuilder(storage)
const senderNameStr = senderName.toString()
return parsedKeys.transaction(async () => {
const { [senderNameStr]: senderKey } = await auth.keys.get('sender-key', [senderNameStr])
if (!senderKey) {
await storage.storeSenderKey(senderName, new SenderKeyRecord())
}
const senderKeyDistributionMessage = await builder.create(senderName)
const session = new GroupCipher(storage, senderName)
const ciphertext = await session.encrypt(data)
return {
ciphertext,
senderKeyDistributionMessage: senderKeyDistributionMessage.serialize()
}
}, group)
},
async injectE2ESession({ jid, session }) {
const cipher = new libsignal.SessionBuilder(storage, jidToSignalProtocolAddress(jid))
return parsedKeys.transaction(async () => {
await cipher.initOutgoing(session)
}, jid)
},
jidToSignalProtocolAddress(jid) {
return jidToSignalProtocolAddress(jid).toString()
},
// Optimized direct access to LID mapping store
lidMapping,
async validateSession(jid: string) {
try {
const addr = jidToSignalProtocolAddress(jid)
const session = await storage.loadSession(addr.toString())
if (!session) {
return { exists: false, reason: 'no session' }
}
if (!session.haveOpenSession()) {
return { exists: false, reason: 'no open session' }
}
return { exists: true }
} catch (error) {
return { exists: false, reason: 'validation error' }
}
},
async deleteSession(jids: string[]) {
if (!jids.length) return
// Convert JIDs to signal addresses and prepare for bulk deletion
const sessionUpdates: { [key: string]: null } = {}
jids.forEach(jid => {
const addr = jidToSignalProtocolAddress(jid)
sessionUpdates[addr.toString()] = null
})
// Single transaction for all deletions
return parsedKeys.transaction(async () => {
await auth.keys.set({ session: sessionUpdates })
}, `delete-${jids.length}-sessions`)
},
async migrateSession(
fromJids: string[],
toJid: string
): Promise<{ migrated: number; skipped: number; total: number }> {
if (!fromJids.length || !toJid.includes('@lid')) return { migrated: 0, skipped: 0, total: 0 }
// Filter valid PN JIDs
const validJids = fromJids.filter(jid => jid.includes('@s.whatsapp.net'))
if (!validJids.length) return { migrated: 0, skipped: 0, total: fromJids.length }
// Single optimized transaction for all migrations
return parsedKeys.transaction(
async (): Promise<{ migrated: number; skipped: number; total: number }> => {
// 1. Batch store all LID mappings
const mappings = validJids.map(jid => ({
lid: transferDevice(jid, toJid),
pn: jid
}))
await lidMapping.storeLIDPNMappings(mappings)
// 2. Prepare migration operations
const migrationOps = validJids.map(jid => {
const lidWithDevice = transferDevice(jid, toJid)
const fromDecoded = jidDecode(jid)!
const toDecoded = jidDecode(lidWithDevice)!
return {
fromJid: jid,
toJid: lidWithDevice,
pnUser: fromDecoded.user,
lidUser: toDecoded.user,
deviceId: fromDecoded.device || 0,
fromAddr: jidToSignalProtocolAddress(jid),
toAddr: jidToSignalProtocolAddress(lidWithDevice)
}
})
// 3. Batch check which LID sessions already exist
const lidAddrs = migrationOps.map(op => op.toAddr.toString())
const existingSessions = await auth.keys.get('session', lidAddrs)
// 4. Filter out sessions that already have LID sessions
const opsToMigrate = migrationOps.filter(op => !existingSessions[op.toAddr.toString()])
const skippedCount = migrationOps.length - opsToMigrate.length
if (!opsToMigrate.length) {
return { migrated: 0, skipped: skippedCount, total: validJids.length }
}
// 5. Execute all migrations in parallel
await Promise.all(
opsToMigrate.map(async op => {
const fromSession = await storage.loadSession(op.fromAddr.toString())
if (fromSession?.haveOpenSession()) {
// Copy session to LID address
const sessionBytes = fromSession.serialize()
const copiedSession = libsignal.SessionRecord.deserialize(sessionBytes)
await storage.storeSession(op.toAddr.toString(), copiedSession)
// Delete PN session
await auth.keys.set({ session: { [op.fromAddr.toString()]: null } })
}
})
)
return { migrated: opsToMigrate.length, skipped: skippedCount, total: validJids.length }
},
`migrate-${validJids.length}-sessions-${jidDecode(toJid)?.user}`
)
},
async encryptMessageWithWire({ encryptionJid, wireJid, data }) {
const result = await repository.encryptMessage({ jid: encryptionJid, data })
return { ...result, wireJid }
}
}
return repository
}
const jidToSignalProtocolAddress = (jid: string): libsignal.ProtocolAddress => {
const decoded = jidDecode(jid)!
const { user, device, server } = decoded
if (!user) {
throw new Error(
`JID decoded but user is empty: "${jid}" -> user: "${user}", server: "${server}", device: ${device}`
)
}
// LID addresses get _1 suffix for Signal protocol
const signalUser = server === 'lid' ? `${user}_1` : user
const finalDevice = device || 0
return new libsignal.ProtocolAddress(signalUser, finalDevice)
}
const jidToSignalSenderKeyName = (group: string, user: string): SenderKeyName => {
return new SenderKeyName(group, jidToSignalProtocolAddress(user))
}
function signalStorage(
{ creds, keys }: SignalAuthState,
lidMapping: LIDMappingStore
): SenderKeyStore & libsignal.SignalStorage {
return {
loadSession: async (id: string) => {
try {
// LID SINGLE SOURCE OF TRUTH: Auto-redirect PN to LID if mapping exists
let actualId = id
if (id.includes('.') && !id.includes('_1')) {
// This is a PN signal address format (e.g., "1234567890.0")
// Convert back to JID to check for LID mapping
const parts = id.split('.')
const device = parts[1] || '0'
const pnJid = device === '0' ? `${parts[0]}@s.whatsapp.net` : `${parts[0]}:${device}@s.whatsapp.net`
const lidForPN = await lidMapping.getLIDForPN(pnJid)
if (lidForPN?.includes('@lid')) {
const lidAddr = jidToSignalProtocolAddress(lidForPN)
const lidId = lidAddr.toString()
// Check if LID session exists
const { [lidId]: lidSession } = await keys.get('session', [lidId])
if (lidSession) {
actualId = lidId
}
}
}
const { [actualId]: sess } = await keys.get('session', [actualId])
if (sess) {
return libsignal.SessionRecord.deserialize(sess)
}
} catch (e) {
return null
}
return null
},
storeSession: async (id: string, session: libsignal.SessionRecord) => {
await keys.set({ session: { [id]: session.serialize() } })
},
isTrustedIdentity: () => {
return true
},
loadPreKey: async (id: number | string) => {
const keyId = id.toString()
const { [keyId]: key } = await keys.get('pre-key', [keyId])
if (key) {
return {
privKey: Buffer.from(key.private),
pubKey: Buffer.from(key.public)
}
}
},
removePreKey: (id: number) => keys.set({ 'pre-key': { [id]: null } }),
loadSignedPreKey: () => {
const key = creds.signedPreKey
return {
privKey: Buffer.from(key.keyPair.private),
pubKey: Buffer.from(key.keyPair.public)
}
},
loadSenderKey: async (senderKeyName: SenderKeyName) => {
const keyId = senderKeyName.toString()
const { [keyId]: key } = await keys.get('sender-key', [keyId])
if (key) {
return SenderKeyRecord.deserialize(key)
}
return new SenderKeyRecord()
},
storeSenderKey: async (senderKeyName: SenderKeyName, key: SenderKeyRecord) => {
const keyId = senderKeyName.toString()
const serialized = JSON.stringify(key.serialize())
await keys.set({ 'sender-key': { [keyId]: Buffer.from(serialized, 'utf-8') } })
},
getOurRegistrationId: () => creds.registrationId,
getOurIdentity: () => {
const { signedIdentityKey } = creds
return {
privKey: Buffer.from(signedIdentityKey.private),
pubKey: Buffer.from(generateSignalPubKey(signedIdentityKey.public))
}
}
}
}