feat: add legacy connection

2025-10-13 00:32:22 +00:00 · 2021-12-17 19:27:04 +05:30
parent 13b49e658d
commit 19a9980492
23 changed files with 2402 additions and 103 deletions
--- a/src/Utils/chat-utils.ts
+++ b/src/Utils/chat-utils.ts
@@ -480,7 +480,7 @@ export const chatModificationToAppPatch = (
        if(mod.clear === 'all') {
            throw new Boom('not supported')
        } else {
-            const key = mod.clear.message
+            const key = mod.clear.messages[0]
            patch = {
                syncAction: {
                    deleteMessageForMeAction: {
--- a/src/Utils/index.ts
+++ b/src/Utils/index.ts
@@ -9,4 +9,5 @@ export * from './noise-handler'
 export * from './history'
 export * from './chat-utils'
 export * from './lt-hash'
-export * from './auth-utils'
+export * from './auth-utils'
+export * from './legacy-msgs'
--- a/src/Utils/legacy-msgs.ts
+++ b/src/Utils/legacy-msgs.ts
@@ -0,0 +1,142 @@
+import { Boom } from '@hapi/boom'
+import { randomBytes } from 'crypto'
+import { decodeBinaryNode, jidNormalizedUser } from "../WABinary"
+import { aesDecrypt, hmacSign, hkdf, Curve } from "./crypto"
+import { DisconnectReason, WATag, LegacyAuthenticationCreds, CurveKeyPair, Contact } from "../Types"
+
+export const newLegacyAuthCreds = () => ({
+    clientID: randomBytes(16).toString('base64')
+}) as LegacyAuthenticationCreds
+
+export const decodeWAMessage = (
+    message: string | Buffer, 
+    auth: { macKey: Buffer, encKey: Buffer }, 
+    fromMe: boolean=false
+) => {
+
+    let commaIndex = message.indexOf(',') // all whatsapp messages have a tag and a comma, followed by the actual message
+    if (commaIndex < 0) throw new Boom('invalid message', { data: message }) // if there was no comma, then this message must be not be valid
+    
+    if (message[commaIndex+1] === ',') commaIndex += 1
+    let data = message.slice(commaIndex+1, message.length)
+    
+    // get the message tag.
+    // If a query was done, the server will respond with the same message tag we sent the query with
+    const messageTag: string = message.slice(0, commaIndex).toString()
+    let json: any
+    let tags: WATag
+    if (data.length > 0) {
+        if (typeof data === 'string') {
+            json = JSON.parse(data) // parse the JSON
+        } else {
+            const { macKey, encKey } = auth || {}
+            if (!macKey || !encKey) {
+                throw new Boom('recieved encrypted buffer when auth creds unavailable', { data: message, statusCode: DisconnectReason.badSession })
+            }
+            /* 
+                If the data recieved was not a JSON, then it must be an encrypted message.
+                Such a message can only be decrypted if we're connected successfully to the servers & have encryption keys
+            */
+            if (fromMe) {
+                tags = [data[0], data[1]]
+                data = data.slice(2, data.length)
+            }
+            
+            const checksum = data.slice(0, 32) // the first 32 bytes of the buffer are the HMAC sign of the message
+            data = data.slice(32, data.length) // the actual message
+            const computedChecksum = hmacSign(data, macKey) // compute the sign of the message we recieved using our macKey
+            
+            if (checksum.equals(computedChecksum)) {
+                // the checksum the server sent, must match the one we computed for the message to be valid
+                const decrypted = aesDecrypt(data, encKey) // decrypt using AES
+                json = decodeBinaryNode(decrypted) // decode the binary message into a JSON array
+            } else {
+                throw new Boom('Bad checksum', {
+                    data: {
+                        received: checksum.toString('hex'),
+                        computed: computedChecksum.toString('hex'),
+                        data: data.slice(0, 80).toString(),
+                        tag: messageTag,
+                        message: message.slice(0, 80).toString()
+                    },
+                    statusCode: DisconnectReason.badSession
+                })
+            }
+        }   
+    }
+    return [messageTag, json, tags] as const
+}
+
+/**
+* Once the QR code is scanned and we can validate our connection, or we resolved the challenge when logging back in
+* @private
+* @param json
+*/
+export const validateNewConnection = (
+	json: { [_: string]: any }, 
+	auth: LegacyAuthenticationCreds,
+	curveKeys: CurveKeyPair
+) => {
+   // set metadata: one's WhatsApp ID [cc][number]@s.whatsapp.net, name on WhatsApp, info about the phone
+   const onValidationSuccess = () => {
+	   const user: Contact = {
+           id: jidNormalizedUser(json.wid),
+           name: json.pushname
+       }
+	   return { user, auth, phone: json.phone }
+   }
+   if (!json.secret) {
+	   // if we didn't get a secret, we don't need it, we're validated
+	   if (json.clientToken && json.clientToken !== auth.clientToken) {
+			auth = { ...auth, clientToken: json.clientToken }
+	   }
+	   if (json.serverToken && json.serverToken !== auth.serverToken) {
+		   auth = { ...auth, serverToken: json.serverToken }
+	   }
+	   return onValidationSuccess()
+   }
+   const secret = Buffer.from(json.secret, 'base64')
+   if (secret.length !== 144) {
+	   throw new Error ('incorrect secret length received: ' + secret.length)
+   }
+
+   // generate shared key from our private key & the secret shared by the server
+   const sharedKey = Curve.sharedKey(curveKeys.private, secret.slice(0, 32))
+   // expand the key to 80 bytes using HKDF
+   const expandedKey = hkdf(sharedKey as Buffer, 80, { })
+
+   // perform HMAC validation.
+   const hmacValidationKey = expandedKey.slice(32, 64)
+   const hmacValidationMessage = Buffer.concat([secret.slice(0, 32), secret.slice(64, secret.length)])
+
+   const hmac = hmacSign(hmacValidationMessage, hmacValidationKey)
+
+   if (!hmac.equals(secret.slice(32, 64))) {
+	   // if the checksums didn't match
+	   throw new Boom('HMAC validation failed', { statusCode: 400 })
+   }
+
+   // computed HMAC should equal secret[32:64]
+   // expandedKey[64:] + secret[64:] are the keys, encrypted using AES, that are used to encrypt/decrypt the messages recieved from WhatsApp
+   // they are encrypted using key: expandedKey[0:32]
+   const encryptedAESKeys = Buffer.concat([
+	   expandedKey.slice(64, expandedKey.length),
+	   secret.slice(64, secret.length),
+   ])
+   const decryptedKeys = aesDecrypt(encryptedAESKeys, expandedKey.slice(0, 32))
+   // set the credentials
+   auth = {
+	   encKey: decryptedKeys.slice(0, 32), // first 32 bytes form the key to encrypt/decrypt messages
+	   macKey: decryptedKeys.slice(32, 64), // last 32 bytes from the key to sign messages
+	   clientToken: json.clientToken,
+	   serverToken: json.serverToken,
+	   clientID: auth.clientID,
+   }
+   return onValidationSuccess()
+}
+
+export const computeChallengeResponse = (challenge: string, auth: LegacyAuthenticationCreds) => {
+	const bytes = Buffer.from(challenge, 'base64') // decode the base64 encoded challenge string
+	const signed = hmacSign(bytes, auth.macKey).toString('base64') // sign the challenge string with our macKey
+	return[ 'admin', 'challenge', signed, auth.serverToken, auth.clientID] // prepare to send this signed string with the serverToken & clientID
+}
--- a/src/Utils/messages-media.ts
+++ b/src/Utils/messages-media.ts
@@ -10,10 +10,10 @@ import { URL } from 'url'
 import { join } from 'path'
 import { once } from 'events'
 import got, { Options, Response } from 'got'
-import { MessageType, WAMessageContent, WAProto, WAGenericMediaMessage, WAMediaUpload, MediaType, DownloadableMessage } from '../Types'
+import { MessageType, WAMessageContent, WAProto, WAGenericMediaMessage, WAMediaUpload, MediaType, DownloadableMessage, WAMediaUploadFunction, MediaConnInfo, CommonSocketConfig } from '../Types'
 import { generateMessageID } from './generics'
 import { hkdf } from './crypto'
-import { DEFAULT_ORIGIN } from '../Defaults'
+import { DEFAULT_ORIGIN, MEDIA_PATH_MAP } from '../Defaults'

 export const hkdfInfoKey = (type: MediaType) => {
    let str: string = type
@@ -389,4 +389,53 @@ export function extensionForMediaMessage(message: WAMessageContent) {
        extension = getExtension (messageContent.mimetype)
    }
    return extension
+}
+
+export const getWAUploadToServer = ({ customUploadHosts, agent, logger }: CommonSocketConfig<any>, refreshMediaConn: (force: boolean) => Promise<MediaConnInfo>): WAMediaUploadFunction => {
+    return async(stream, { mediaType, fileEncSha256B64, timeoutMs }) => {
+        // send a query JSON to obtain the url & auth token to upload our media
+        let uploadInfo = await refreshMediaConn(false)
+    
+        let mediaUrl: string
+        const hosts = [ ...customUploadHosts, ...uploadInfo.hosts.map(h => h.hostname) ]
+        for (let hostname of hosts) {
+            const auth = encodeURIComponent(uploadInfo.auth) // the auth token
+            const url = `https://${hostname}${MEDIA_PATH_MAP[mediaType]}/${fileEncSha256B64}?auth=${auth}&token=${fileEncSha256B64}`
+            
+            try {
+                const {body: responseText} = await got.post(
+                    url, 
+                    {
+                        headers: { 
+                            'Content-Type': 'application/octet-stream',
+                            'Origin': DEFAULT_ORIGIN
+                        },
+                        agent: {
+                            https: agent
+                        },
+                        body: stream,
+                        timeout: timeoutMs
+                    }
+                )
+                const result = JSON.parse(responseText)
+                mediaUrl = result?.url
+                
+                if (mediaUrl) break
+                else {
+                    uploadInfo = await refreshMediaConn(true)
+                    throw new Error(`upload failed, reason: ${JSON.stringify(result)}`)
+                }
+            } catch (error) {
+                const isLast = hostname === hosts[uploadInfo.hosts.length-1]
+                logger.debug(`Error in uploading to ${hostname} (${error}) ${isLast ? '' : ', retrying...'}`)
+            }
+        }
+        if (!mediaUrl) {
+            throw new Boom(
+                'Media upload failed on all hosts',
+                { statusCode: 500 }
+            )
+        }
+        return { mediaUrl }
+    }
 }