saving credential in session cookies

Author: jrCleber

src/config/env.config.ts

@@ -113,9 +113,8 @@ export type EventsWebhook = {
   NEW_JWT_TOKEN: boolean;
 };
 
-export type ApiKey = { KEY: string };
 export type Jwt = { EXPIRIN_IN: number; SECRET: string };
-export type Auth = { API_KEY: ApiKey; JWT: Jwt; TYPE: 'jwt' | 'apikey' };
+export type Auth = { API_KEY: string; JWT: Jwt; TYPE: 'jwt' | 'apikey' };
 
 export type DelInstance = number | boolean;
 
@@ -124,7 +123,6 @@ export type SslConf = { PRIVKEY: string; FULLCHAIN: string };
 export type Webhook = { GLOBAL?: GlobalWebhook; EVENTS: EventsWebhook };
 export type ConfigSessionPhone = { CLIENT: string; NAME: string };
 export type QrCode = { LIMIT: number };
-export type Production = boolean;
 
 export interface Env {
   SERVER: HttpServer;
@@ -139,7 +137,8 @@ export interface Env {
   CONFIG_SESSION_PHONE: ConfigSessionPhone;
   QRCODE: QrCode;
   AUTHENTICATION: Auth;
-  PRODUCTION?: Production;
+  PRODUCTION?: boolean;
+  SESSION_SECRET: string;
 }
 
 export type Key = keyof Env;
@@ -256,16 +255,15 @@ export class ConfigService {
       },
       AUTHENTICATION: {
         TYPE: process.env.AUTHENTICATION_TYPE as 'jwt',
-        API_KEY: {
-          KEY: process.env.AUTHENTICATION_API_KEY,
-        },
+        API_KEY: process.env.AUTHENTICATION_API_KEY,
         JWT: {
           EXPIRIN_IN: Number.isInteger(process.env?.AUTHENTICATION_JWT_EXPIRIN_IN)
             ? Number.parseInt(process.env.AUTHENTICATION_JWT_EXPIRIN_IN)
             : 3600,
           SECRET: process.env.AUTHENTICATION_JWT_SECRET,
         },
       },
+      SESSION_SECRET: process.env.SESSION_SECRET,
     };
   }
 }

src/dev-env.yml

@@ -143,10 +143,11 @@ QRCODE:
 AUTHENTICATION:
   TYPE: jwt # or apikey->(deprecated)
   # Define a global apikey to access all instances
-  API_KEY:
-    # OBS: This key must be inserted in the request header to create an instance.
-    KEY: zYzP7ocstxh3SJ23D4FZTCu4ehnM8v4hu
+  # OBS: This key must be inserted in the request header to create an instance.
+  API_KEY: zYzP7ocstxh3SJ23D4FZTCu4ehnM8v4hu
   # Set the secret key to encrypt and decrypt your token and its expiration time.
   JWT:
     EXPIRIN_IN: 0 # seconds - 3600s === 1h | zero (0) - never expires
     SECRET: 3RFYiiRmvNiokSBrLZzx
+
+SESSION_SECRET: W0NvZGVDaGF0XTpbU2Vzc2lvbiBTZWNyZXQgS2V5Ll0=

src/main.ts

@@ -46,6 +46,7 @@ import { HttpStatus, router } from './whatsapp/routers/index.router';
 import 'express-async-errors';
 import { ServerUP } from './utils/server-up';
 import { swaggerRouter } from './docs/swagger.conf';
+import session from 'express-session';
 
 function initWA() {
   waMonitor.loadInstance();
@@ -55,6 +56,8 @@ function bootstrap() {
   const logger = new Logger('SERVER');
   const app = express();
 
+  logger.debug(configService.get<string>('SESSION_SECRET'));
+
   app.use(
     cors({
       origin(requestOrigin, callback) {
@@ -75,6 +78,15 @@ function bootstrap() {
     compression(),
   );
 
+  app.use(
+    session({
+      secret: configService.get<string>('SESSION_SECRET'),
+      resave: false,
+      saveUninitialized: false,
+      name: 'codechat.api.sid',
+    }),
+  );
+
   app.set('view engine', 'hbs');
   app.set('views', join(ROOT_DIR, 'views'));
   app.use(express.static(join(ROOT_DIR, 'public')));

src/whatsapp/controllers/instance.controller.ts

@@ -50,6 +50,7 @@ import { WAMonitoringService } from '../services/monitor.service';
 import { WAStartupService } from '../services/whatsapp.service';
 import { Logger } from '../../config/logger.config';
 import { RedisCache } from '../../db/redis.client';
+import { Request } from 'express';
 
 export class InstanceController {
   constructor(
@@ -63,28 +64,36 @@ export class InstanceController {
 
   private readonly logger = new Logger(InstanceController.name);
 
-  public async createInstance({ instanceName }: InstanceDto) {
-    const instance = new WAStartupService(
-      this.configService,
-      this.eventEmitter,
-      this.repository,
-      this.cache,
-    );
-    instance.instanceName = instanceName;
-    this.waMonitor.waInstances[instance.instanceName] = instance;
-    this.waMonitor.delInstanceTime(instance.instanceName);
-
-    const hash = await this.authService.generateHash({
-      instanceName: instance.instanceName,
-    });
+  public async createInstance({ instanceName }: InstanceDto, req: Request) {
+    try {
+      const instance = new WAStartupService(
+        this.configService,
+        this.eventEmitter,
+        this.repository,
+        this.cache,
+      );
+      instance.instanceName = instanceName;
+      this.waMonitor.waInstances[instance.instanceName] = instance;
+      this.waMonitor.delInstanceTime(instance.instanceName);
 
-    return {
-      instance: {
+      const hash = await this.authService.generateHash({
         instanceName: instance.instanceName,
-        status: 'created',
-      },
-      hash,
-    };
+      });
+
+      req.session[instance.instanceName] = Buffer.from(JSON.stringify(hash)).toString(
+        'base64',
+      );
+
+      return {
+        instance: {
+          instanceName: instance.instanceName,
+          status: 'created',
+        },
+        hash,
+      };
+    } catch (error) {
+      this.logger.error(error);
+    }
   }
 
   public async connectToWhatsapp({ instanceName }: InstanceDto) {
@@ -146,7 +155,11 @@ export class InstanceController {
     }
   }
 
-  public async refreshToken(_: InstanceDto, oldToken: OldToken) {
-    return await this.authService.refreshToken(oldToken);
+  public async refreshToken(instance: InstanceDto, oldToken: OldToken, req: Request) {
+    const token = await this.authService.refreshToken(oldToken);
+
+    req.session[instance.instanceName] = Buffer.from(JSON.stringify(token)).toString(
+      'base64',
+    );
   }
 }

src/whatsapp/controllers/views.controller.ts

@@ -36,16 +36,17 @@
  */
 
 import { Request, Response } from 'express';
-import { Auth, ConfigService } from '../../config/env.config';
 import { BadRequestException } from '../../exceptions';
 import { InstanceDto } from '../dto/instance.dto';
 import { HttpStatus } from '../routers/index.router';
 import { WAMonitoringService } from '../services/monitor.service';
+import { AuthRaw } from '../models';
+import { RepositoryBroker } from '../repository/repository.manager';
 
 export class ViewsController {
   constructor(
     private readonly waMonit: WAMonitoringService,
-    private readonly configService: ConfigService,
+    private readonly repository: RepositoryBroker,
   ) {}
 
   public async qrcode(request: Request, response: Response) {
@@ -55,9 +56,25 @@ export class ViewsController {
       if (instance.connectionStatus.state === 'open') {
         throw new BadRequestException('The instance is already connected');
       }
-      const type = this.configService.get<Auth>('AUTHENTICATION').TYPE;
 
-      return response.status(HttpStatus.OK).render('qrcode', { type, ...param });
+      let auth: AuthRaw;
+
+      if (!request?.session?.[param.instanceName]) {
+        auth = await this.repository.auth.find(param.instanceName);
+      } else {
+        auth = JSON.parse(
+          Buffer.from(request.session[param.instanceName], 'base64').toString('utf8'),
+        ) as AuthRaw;
+      }
+
+      const type = auth?.jwt ? 'jwt' : 'apikey';
+
+      return response.status(HttpStatus.OK).render('qrcode', {
+        ...param,
+        type,
+        auth,
+        connectionState: instance.connectionStatus.state,
+      });
     } catch (error) {
       console.log('ERROR: ', error);
     }

src/whatsapp/guards/auth.guard.ts

@@ -56,7 +56,7 @@ const logger = new Logger('GUARD');
 async function jwtGuard(req: Request, _: Response, next: NextFunction) {
   const key = req.get('apikey');
 
-  if (configService.get<Auth>('AUTHENTICATION').API_KEY.KEY === key) {
+  if (configService.get<Auth>('AUTHENTICATION').API_KEY === key) {
     return next();
   }
 
@@ -103,10 +103,10 @@ async function jwtGuard(req: Request, _: Response, next: NextFunction) {
  * @deprecated
  */
 async function apikey(req: Request, _: Response, next: NextFunction) {
-  const env = configService.get<Auth>('AUTHENTICATION').API_KEY;
+  const API_KEY = configService.get<Auth>('AUTHENTICATION').API_KEY;
   const key = req.get('apikey');
 
-  if (env.KEY === key) {
+  if (API_KEY === key) {
     return next();
   }
 

src/whatsapp/repository/auth.repository.ts

@@ -39,7 +39,7 @@ import { join } from 'path';
 import { Auth, ConfigService } from '../../config/env.config';
 import { IInsert, Repository } from '../abstract/abstract.repository';
 import { IAuthModel, AuthRaw } from '../models';
-import { readFileSync } from 'fs';
+import { readFileSync, readdirSync } from 'fs';
 import { AUTH_DIR } from '../../config/path.config';
 
 export class AuthRepository extends Repository {
@@ -82,11 +82,19 @@ export class AuthRepository extends Repository {
         return await this.authModel.findOne({ _id: instance });
       }
 
-      return JSON.parse(
-        readFileSync(join(AUTH_DIR, this.auth.TYPE, instance + '.json'), {
+      let authRaw: string;
+
+      if (readdirSync(join(AUTH_DIR, 'jwt')).find((i) => i === instance)) {
+        authRaw = readFileSync(join(AUTH_DIR, 'jwt', instance + '.json'), {
+          encoding: 'utf-8',
+        });
+      } else {
+        authRaw = readFileSync(join(AUTH_DIR, 'apikey', instance + '.json'), {
           encoding: 'utf-8',
-        }),
-      ) as AuthRaw;
+        });
+      }
+
+      return JSON.parse(authRaw) as AuthRaw;
     } catch (error) {
       return {};
     }

src/whatsapp/routers/instance.router.ts

@@ -53,7 +53,7 @@ export class InstanceRouter extends RouterBroker {
           request: req,
           schema: instanceNameSchema,
           ClassRef: InstanceDto,
-          execute: (instance) => instanceController.createInstance(instance),
+          execute: (instance) => instanceController.createInstance(instance, req),
         });
 
         return res.status(HttpStatus.CREATED).json(response);
@@ -115,7 +115,8 @@ export class InstanceRouter extends RouterBroker {
           request: req,
           schema: oldTokenSchema,
           ClassRef: OldToken,
-          execute: (_, data) => instanceController.refreshToken(_, data),
+          execute: (instance, data) =>
+            instanceController.refreshToken(instance, data, req),
         });
 
         return res.status(HttpStatus.CREATED).json(response);

src/whatsapp/services/whatsapp.service.ts

@@ -466,7 +466,7 @@ export class WAStartupService {
         browser,
         version,
         connectTimeoutMs: 60_000,
-        qrTimeout: 10_000,
+        qrTimeout: 40_000,
         emitOwnEvents: false,
         msgRetryCounterCache: this.msgRetryCounterCache,
         getMessage: this.getMessage as any,

views/qrcode.hbs

@@ -6,7 +6,8 @@
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet"
-      integrity="sha384-1BmE4kWBq78iYhFldvKuhfTAU6auU8tT94WrHftjDbrCEXSU1oBoqyl2QvZ6jIW3" 'unsafe-inline' crossorigin="anonymous">
+      integrity="sha384-1BmE4kWBq78iYhFldvKuhfTAU6auU8tT94WrHftjDbrCEXSU1oBoqyl2QvZ6jIW3" 'unsafe-inline'
+      crossorigin="anonymous">
    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js"
       integrity="sha384-ka7Sk0Gln4gmtz2MlQnikT1wXgYsOg+OMhuP+IlRH9sENBO0LRn5q+8nbTov4+1p"
       crossorigin="anonymous"></script>
@@ -28,7 +29,6 @@
       <div id="display-qrcode">
          <h2 class="mb-3 text-secondary">Connect to whatsapp</h2>
          <div class="input-group mb-3">
-            <input id="input-auth" type="text" class="form-control" aria-describedby="btn-qr-g" value="" placeholder="{{type}}">
             <input id="input-session" type="text" class="form-control" aria-describedby="btn-qr-g" disabled
                value="{{instanceName}}">
             <button id="gen-qrcode" class="btn btn-success" type="submit">Generate qrcode</button>
@@ -48,12 +48,16 @@
 
       $('#gen-qrcode').click(() => {
 
-         const keyAuth = '{{type}}' === 'jwt'? 'authorization': 'apikey';
-         const valueAuth = '{{type}}' === 'jwt'? `Bearer ${$('#input-auth').val()}`: $('#input-auth').val()
+         const header = '{{type}}' === 'apikey'
+            ? { apikey: '{{auth.apikey}}' }
+            : { authorization: 'Bearer {{auth.jwt}}' };
+         
+         log({header})
+         return
 
          $.ajax({
             url: `/instance/connect/{{instanceName}}`,
-            headers: { [keyAuth]: valueAuth }, 
+            headers,
             type: 'GET',
             success: (qrcode, status) => {
                $(`#update-qrcode`).remove();
@@ -74,7 +78,7 @@
             },
             error: (error) => console.log(error),
          });
-         
+
       });
    </script>
 </body>