WhatsApp/Signal/Formstack/admin updates

2025-11-21 14:55:28 +01:00 · 2025-11-21 14:55:28 +01:00 · d0cc5a21de
commit d0cc5a21de
parent bcecf61a46
451 changed files with 16139 additions and 39623 deletions
--- a/apps/bridge-whatsapp/Dockerfile
+++ b/apps/bridge-whatsapp/Dockerfile
@ -2,30 +2,39 @@ FROM node:22-bookworm-slim AS base

 FROM base AS builder
 ARG APP_DIR=/opt/bridge-whatsapp
+ENV PNPM_HOME="/pnpm"
+ENV PATH="$PNPM_HOME:$PATH"
 RUN mkdir -p ${APP_DIR}/
-RUN npm i -g turbo
+RUN corepack enable && corepack prepare pnpm@9.15.4 --activate
+RUN pnpm add -g turbo
 WORKDIR ${APP_DIR}
 COPY . .
 RUN turbo prune --scope=@link-stack/bridge-whatsapp --docker

 FROM base AS installer
 ARG APP_DIR=/opt/bridge-whatsapp
+ENV PNPM_HOME="/pnpm"
+ENV PATH="$PNPM_HOME:$PATH"
 WORKDIR ${APP_DIR}
+RUN corepack enable && corepack prepare pnpm@9.15.4 --activate
 COPY --from=builder ${APP_DIR}/out/json/ .
 COPY --from=builder ${APP_DIR}/out/full/ .
-COPY --from=builder ${APP_DIR}/out/package-lock.json ./package-lock.json
-RUN npm ci
-RUN npm i -g turbo
+COPY --from=builder ${APP_DIR}/out/pnpm-lock.yaml ./pnpm-lock.yaml
+RUN pnpm install --frozen-lockfile
+RUN pnpm add -g turbo
 RUN turbo run build --filter=@link-stack/bridge-whatsapp

 FROM base as runner
 ARG BUILD_DATE
 ARG VERSION
 ARG APP_DIR=/opt/bridge-whatsapp
+ENV PNPM_HOME="/pnpm"
+ENV PATH="$PNPM_HOME:$PATH"
 RUN mkdir -p ${APP_DIR}/
 RUN DEBIAN_FRONTEND=noninteractive apt-get update && \
    apt-get install -y --no-install-recommends \
    dumb-init
+RUN corepack enable && corepack prepare pnpm@9.15.4 --activate
 WORKDIR ${APP_DIR}
 COPY --from=installer ${APP_DIR} ./
 RUN chown -R node:node ${APP_DIR}
--- a/apps/bridge-whatsapp/README.md
+++ b/apps/bridge-whatsapp/README.md
@ -0,0 +1,172 @@
+# Bridge WhatsApp
+
+WhatsApp integration service for the CDR Link communication bridge system.
+
+## Overview
+
+Bridge WhatsApp provides a REST API for sending and receiving WhatsApp messages using the Baileys library (WhatsApp Web API). It handles bot session management, message routing, and media processing for WhatsApp communication channels.
+
+## Features
+
+- **Bot Management**: Register and manage multiple WhatsApp bot sessions
+- **Message Handling**: Send and receive text messages with formatting
+- **Media Support**: Handle images, documents, audio, and video files
+- **QR Code Authentication**: Web-based WhatsApp authentication
+- **REST API**: Simple HTTP endpoints for integration
+
+## Development
+
+### Prerequisites
+
+- Node.js >= 20
+- npm >= 10
+- PostgreSQL database (for bot configuration)
+
+### Setup
+
+```bash
+# Install dependencies
+npm install
+
+# Build TypeScript
+npm run build
+
+# Run development server
+npm run dev
+
+# Start production server
+npm run start
+```
+
+### Environment Variables
+
+- `PORT` - Server port (default: 5000)
+- `DATABASE_URL` - PostgreSQL connection string (optional)
+- Additional WhatsApp-specific configuration as needed
+
+### Available Scripts
+
+- `npm run build` - Compile TypeScript
+- `npm run dev` - Development mode with auto-reload
+- `npm run start` - Start production server
+
+## API Endpoints
+
+### Bot Management
+
+- `POST /api/bots/:token` - Register/initialize a bot
+- `GET /api/bots/:token` - Get bot status and QR code
+
+### Messaging
+
+- `POST /api/bots/:token/send` - Send a message
+- `POST /api/bots/:token/receive` - Webhook for incoming messages
+
+### Request/Response Format
+
+#### Send Message
+
+```json
+{
+  "to": "1234567890@s.whatsapp.net",
+  "message": "Hello World",
+  "media": {
+    "url": "https://example.com/image.jpg",
+    "type": "image"
+  }
+}
+```
+
+#### Receive Message Webhook
+
+```json
+{
+  "from": "1234567890@s.whatsapp.net",
+  "message": "Hello",
+  "timestamp": "2024-01-01T00:00:00Z",
+  "media": {
+    "url": "https://...",
+    "type": "image",
+    "mimetype": "image/jpeg"
+  }
+}
+```
+
+## Architecture
+
+### Server Framework
+
+Built with Hapi.js for:
+
+- Route validation
+- Plugin architecture
+- Error handling
+- Request lifecycle
+
+### WhatsApp Integration
+
+Uses @whiskeysockets/baileys:
+
+- WhatsApp Web protocol
+- Multi-device support
+- Message encryption
+- Media handling
+
+### Session Management
+
+- File-based session storage
+- Automatic reconnection
+- QR code regeneration
+- Session cleanup
+
+## Media Handling
+
+Supported media types:
+
+- **Images**: JPEG, PNG, GIF
+- **Documents**: PDF, DOC, DOCX
+- **Audio**: MP3, OGG, WAV
+- **Video**: MP4, AVI
+
+Media is processed and uploaded before sending.
+
+## Error Handling
+
+- Connection errors trigger reconnection
+- Invalid sessions regenerate QR codes
+- API errors return appropriate HTTP status codes
+- Comprehensive logging for debugging
+
+## Security
+
+- Token-based bot authentication
+- Message validation
+- Rate limiting (configurable)
+- Secure session storage
+
+## Integration
+
+Designed to work with:
+
+- **bridge-worker**: Processes WhatsApp message jobs
+- **bridge-frontend**: Manages bot configuration
+- External webhooks for message routing
+
+## Docker Support
+
+```bash
+# Build image
+docker build -t link-stack/bridge-whatsapp .
+
+# Run container
+docker run -p 5000:5000 link-stack/bridge-whatsapp
+```
+
+## Testing
+
+While test configuration exists (jest.config.json), tests should be implemented for:
+
+- API endpoint validation
+- Message processing logic
+- Session management
+- Error scenarios
--- a/apps/bridge-whatsapp/docker-entrypoint.sh
+++ b/apps/bridge-whatsapp/docker-entrypoint.sh
@ -2,4 +2,4 @@

 set -e
 echo "starting bridge-whatsapp"
-exec dumb-init npm run start
+exec dumb-init pnpm run start
--- a/apps/bridge-whatsapp/package.json
+++ b/apps/bridge-whatsapp/package.json
@ -1,26 +1,29 @@
 {
  "name": "@link-stack/bridge-whatsapp",
-  "version": "2.2.0",
+  "version": "3.3.0",
  "main": "build/main/index.js",
  "author": "Darren Clarke <darren@redaranj.com>",
  "license": "AGPL-3.0-or-later",
  "dependencies": {
    "@adiwajshing/keyed-db": "0.2.4",
-    "@hapi/hapi": "^21.3.10",
+    "@hapi/hapi": "^21.4.3",
    "@hapipal/schmervice": "^3.0.0",
    "@hapipal/toys": "^4.0.0",
-    "@whiskeysockets/baileys": "^6.7.8",
-    "hapi-pino": "^12.1.0",
-    "link-preview-js": "^3.0.5"
+    "@link-stack/bridge-common": "workspace:*",
+    "@link-stack/logger": "workspace:*",
+    "@whiskeysockets/baileys": "^6.7.21",
+    "hapi-pino": "^13.0.0",
+    "link-preview-js": "^3.1.0"
  },
  "devDependencies": {
-    "@link-stack/eslint-config": "*",
-    "@link-stack/jest-config": "*",
-    "@link-stack/typescript-config": "*",
+    "@link-stack/eslint-config": "workspace:*",
+    "@link-stack/jest-config": "workspace:*",
+    "@link-stack/typescript-config": "workspace:*",
+    "@types/long": "^5",
    "@types/node": "*",
-    "dotenv-cli": "^7.4.2",
-    "tsx": "^4.19.1",
-    "typescript": "^5.6.2"
+    "dotenv-cli": "^10.0.0",
+    "tsx": "^4.20.6",
+    "typescript": "^5.9.3"
  },
  "scripts": {
    "build": "tsc -p tsconfig.json",
--- a/apps/bridge-whatsapp/src/index.ts
+++ b/apps/bridge-whatsapp/src/index.ts
@ -9,6 +9,9 @@ import {
  SendMessageRoute,
  ReceiveMessageRoute,
 } from "./routes.js";
+import { createLogger } from "@link-stack/logger";
+
+const logger = createLogger('bridge-whatsapp-index');

 const server = Hapi.server({ port: 5000 });

@ -34,6 +37,6 @@ const main = async () => {
 };

 main().catch((err) => {
-  console.error(err);
+  logger.error(err);
  process.exit(1);
 });
--- a/apps/bridge-whatsapp/src/routes.ts
+++ b/apps/bridge-whatsapp/src/routes.ts
@ -17,6 +17,7 @@ const getService = (request: Hapi.Request): WhatsappService => {
 interface MessageRequest {
  phoneNumber: string;
  message: string;
+  attachments?: Array<{ data: string; filename: string; mime_type: string }>;
 }

 export const SendMessageRoute = withDefaults({
@ -26,11 +27,23 @@ export const SendMessageRoute = withDefaults({
    description: "Send a message",
    async handler(request: Hapi.Request, _h: Hapi.ResponseToolkit) {
      const { id } = request.params;
-      console.log({ payload: request.payload });
-      const { phoneNumber, message } = request.payload as MessageRequest;
+      const { phoneNumber, message, attachments } =
+        request.payload as MessageRequest;
      const whatsappService = getService(request);
-      await whatsappService.send(id, phoneNumber, message as string);
-      request.logger.info({ id }, "Sent a message at %s", new Date());
+      await whatsappService.send(
+        id,
+        phoneNumber,
+        message as string,
+        attachments,
+      );
+      request.logger.info(
+        {
+          id,
+          attachmentCount: attachments?.length || 0,
+        },
+        "Sent a message at %s",
+        new Date().toISOString(),
+      );

      return _h
        .response({
@ -56,7 +69,7 @@ export const ReceiveMessageRoute = withDefaults({
      const date = new Date();
      const twoDaysAgo = new Date(date.getTime());
      twoDaysAgo.setDate(date.getDate() - 2);
-      request.logger.info({ id }, "Received messages at %s", new Date());
+      request.logger.info({ id }, "Received messages at %s", new Date().toISOString());

      return whatsappService.receive(id, twoDaysAgo);
    },
--- a/apps/bridge-whatsapp/src/service.ts
+++ b/apps/bridge-whatsapp/src/service.ts
@ -11,6 +11,14 @@ import makeWASocket, {
  useMultiFileAuthState,
 } from "@whiskeysockets/baileys";
 import fs from "fs";
+import { createLogger } from "@link-stack/logger";
+import {
+  getMaxAttachmentSize,
+  getMaxTotalAttachmentSize,
+  MAX_ATTACHMENTS,
+} from "@link-stack/bridge-common";
+
+const logger = createLogger("bridge-whatsapp-service");

 export type AuthCompleteCallback = (error?: string) => void;

@ -33,7 +41,24 @@ export default class WhatsappService extends Service {
  }

  getBotDirectory(id: string): string {
-    return `${this.getBaseDirectory()}/${id}`;
+    // Validate that ID contains only safe characters (alphanumeric, dash, underscore)
+    if (!/^[a-zA-Z0-9_-]+$/.test(id)) {
+      throw new Error(`Invalid bot ID format: ${id}`);
+    }
+
+    // Prevent path traversal by checking for suspicious patterns
+    if (id.includes('..') || id.includes('/') || id.includes('\\')) {
+      throw new Error(`Path traversal detected in bot ID: ${id}`);
+    }
+
+    const botPath = `${this.getBaseDirectory()}/${id}`;
+
+    // Ensure the resolved path is still within the base directory
+    if (!botPath.startsWith(this.getBaseDirectory())) {
+      throw new Error(`Invalid bot path: ${botPath}`);
+    }
+
+    return botPath;
  }

  getAuthDirectory(id: string): string {
@ -57,7 +82,7 @@ export default class WhatsappService extends Service {
      try {
        connection.end(null);
      } catch (error) {
-        console.log(error);
+        logger.error({ error }, "Connection reset error");
      }
    }
    this.connections = {};
@ -92,27 +117,27 @@ export default class WhatsappService extends Service {
          isNewLogin,
        } = update;
        if (qr) {
-          console.log("got qr code");
+          logger.info("got qr code");
          const botDirectory = this.getBotDirectory(botID);
          const qrPath = `${botDirectory}/qr.txt`;
          fs.writeFileSync(qrPath, qr, "utf8");
        } else if (isNewLogin) {
-          console.log("got new login");
+          logger.info("got new login");
          const botDirectory = this.getBotDirectory(botID);
          const verifiedFile = `${botDirectory}/verified`;
          fs.writeFileSync(verifiedFile, "");
        } else if (connectionState === "open") {
-          console.log("opened connection");
+          logger.info("opened connection");
        } else if (connectionState === "close") {
-          console.log("connection closed due to ", lastDisconnect?.error);
+          logger.info({ lastDisconnect }, "connection closed");
          const disconnectStatusCode = (lastDisconnect?.error as any)?.output
            ?.statusCode;
          if (disconnectStatusCode === DisconnectReason.restartRequired) {
-            console.log("reconnecting after got new login");
+            logger.info("reconnecting after got new login");
            await this.createConnection(botID, server, options);
            authCompleteCallback?.();
          } else if (disconnectStatusCode !== DisconnectReason.loggedOut) {
-            console.log("reconnecting");
+            logger.info("reconnecting");
            await this.sleep(pause);
            pause *= 2;
            this.createConnection(botID, server, options);
@ -121,12 +146,12 @@ export default class WhatsappService extends Service {
      }

      if (events["creds.update"]) {
-        console.log("creds update");
+        logger.info("creds update");
        await saveCreds();
      }

      if (events["messages.upsert"]) {
-        console.log("messages upsert");
+        logger.info("messages upsert");
        const upsert = events["messages.upsert"];
        const { messages } = upsert;
        if (messages) {
@ -143,13 +168,16 @@ export default class WhatsappService extends Service {

    const baseDirectory = this.getBaseDirectory();
    const botIDs = fs.readdirSync(baseDirectory);
-    console.log({ botIDs });
+
    for await (const botID of botIDs) {
      const directory = this.getBotDirectory(botID);
      const verifiedFile = `${directory}/verified`;
      if (fs.existsSync(verifiedFile)) {
        const { version, isLatest } = await fetchLatestBaileysVersion();
-        console.log(`using WA v${version.join(".")}, isLatest: ${isLatest}`);
+        logger.info(
+          { version: version.join("."), isLatest },
+          "using WA version",
+        );

        await this.createConnection(botID, this.server, {
          browser: WhatsappService.browserDescription,
@ -169,7 +197,13 @@ export default class WhatsappService extends Service {
      message,
      messageTimestamp,
    } = webMessageInfo;
-    console.log(webMessageInfo);
+    logger.info("Message type debug");
+    for (const key in message) {
+      logger.info(
+        { key, exists: !!message[key as keyof proto.IMessage] },
+        "Message field",
+      );
+    }
    const isValidMessage =
      message && remoteJid !== "status@broadcast" && !fromMe;
    if (isValidMessage) {
@ -186,19 +220,22 @@ export default class WhatsappService extends Service {
      if (isMediaMessage) {
        if (audioMessage) {
          messageType = "audio";
-          filename = id + "." + audioMessage.mimetype?.split("/").pop();
+          const extension = audioMessage.mimetype?.split("/").pop() || "audio";
+          filename = `${id}.${extension}`;
          mimeType = audioMessage.mimetype;
        } else if (documentMessage) {
          messageType = "document";
-          filename = documentMessage.fileName;
+          filename = documentMessage.fileName || `${id}.bin`;
          mimeType = documentMessage.mimetype;
        } else if (imageMessage) {
          messageType = "image";
-          filename = id + "." + imageMessage.mimetype?.split("/").pop();
+          const extension = imageMessage.mimetype?.split("/").pop() || "jpg";
+          filename = `${id}.${extension}`;
          mimeType = imageMessage.mimetype;
        } else if (videoMessage) {
          messageType = "video";
-          filename = id + "." + videoMessage.mimetype?.split("/").pop();
+          const extension = videoMessage.mimetype?.split("/").pop() || "mp4";
+          filename = `${id}.${extension}`;
          mimeType = videoMessage.mimetype;
        }

@ -271,8 +308,30 @@ export default class WhatsappService extends Service {
  }

  async unverify(botID: string): Promise<void> {
+    // Step 1: Close and remove the active connection if it exists
+    const connection = this.connections[botID];
+    if (connection?.socket) {
+      try {
+        // Properly close the WebSocket connection
+        await connection.socket.logout();
+      } catch (error) {
+        logger.warn({ botID, error }, "Error during logout, forcing disconnect");
+        try {
+          connection.socket.end(undefined);
+        } catch (endError) {
+          logger.warn({ botID, endError }, "Error ending socket connection");
+        }
+      }
+    }
+
+    // Step 2: Remove from in-memory connections
+    delete this.connections[botID];
+
+    // Step 3: Remove the bot directory (auth state, QR code, verified marker)
    const botDirectory = this.getBotDirectory(botID);
-    fs.rmSync(botDirectory, { recursive: true, force: true });
+    if (fs.existsSync(botDirectory)) {
+      fs.rmSync(botDirectory, { recursive: true, force: true });
+    }
  }

  async register(
@ -293,10 +352,75 @@ export default class WhatsappService extends Service {
    botID: string,
    phoneNumber: string,
    message: string,
+    attachments?: Array<{ data: string; filename: string; mime_type: string }>,
  ): Promise<void> {
    const connection = this.connections[botID]?.socket;
    const recipient = `${phoneNumber.replace(/\D+/g, "")}@s.whatsapp.net`;
-    await connection.sendMessage(recipient, { text: message });
+
+    // Send text message if provided
+    if (message) {
+      await connection.sendMessage(recipient, { text: message });
+    }
+
+    // Send attachments if provided with size validation
+    if (attachments && attachments.length > 0) {
+      const MAX_ATTACHMENT_SIZE = getMaxAttachmentSize();
+      const MAX_TOTAL_SIZE = getMaxTotalAttachmentSize();
+
+      if (attachments.length > MAX_ATTACHMENTS) {
+        throw new Error(`Too many attachments: ${attachments.length} (max ${MAX_ATTACHMENTS})`);
+      }
+
+      let totalSize = 0;
+
+      for (const attachment of attachments) {
+        // Calculate size before converting to buffer
+        const estimatedSize = (attachment.data.length * 3) / 4;
+
+        if (estimatedSize > MAX_ATTACHMENT_SIZE) {
+          logger.warn({
+            filename: attachment.filename,
+            size: estimatedSize,
+            maxSize: MAX_ATTACHMENT_SIZE
+          }, 'Attachment exceeds size limit, skipping');
+          continue;
+        }
+
+        totalSize += estimatedSize;
+        if (totalSize > MAX_TOTAL_SIZE) {
+          logger.warn({
+            totalSize,
+            maxTotalSize: MAX_TOTAL_SIZE
+          }, 'Total attachment size exceeds limit, skipping remaining');
+          break;
+        }
+
+        const buffer = Buffer.from(attachment.data, "base64");
+
+        if (attachment.mime_type.startsWith("image/")) {
+          await connection.sendMessage(recipient, {
+            image: buffer,
+            caption: attachment.filename,
+          });
+        } else if (attachment.mime_type.startsWith("video/")) {
+          await connection.sendMessage(recipient, {
+            video: buffer,
+            caption: attachment.filename,
+          });
+        } else if (attachment.mime_type.startsWith("audio/")) {
+          await connection.sendMessage(recipient, {
+            audio: buffer,
+            mimetype: attachment.mime_type,
+          });
+        } else {
+          await connection.sendMessage(recipient, {
+            document: buffer,
+            fileName: attachment.filename,
+            mimetype: attachment.mime_type,
+          });
+        }
+      }
+    }
  }

  async receive(
--- a/apps/bridge-whatsapp/tsconfig.json
+++ b/apps/bridge-whatsapp/tsconfig.json
@ -8,7 +8,7 @@
    "outDir": "build/main",
    "rootDir": "src",
    "skipLibCheck": true,
-    "types": ["node", "long"],
+    "types": ["node"],
    "lib": ["es2020", "DOM"],
    "composite": true
  },