From a411acbdf6357a53dcd1f00f0e7d5adb0a542fb8 Mon Sep 17 00:00:00 2001
From: Hamza-Ayed
Date: Thu, 21 May 2026 18:06:46 +0300
Subject: [PATCH] Deploy: 2026-05-21 18:06:46
---
 backend/app/Controllers/WhatsAppController.php | 10 ++++++++--
 whatsapp-gateway/baileys-client.js | 12 ++++++------
 whatsapp-gateway/server.js | 11 ++++++++++-
 3 files changed, 24 insertions(+), 9 deletions(-)
diff --git a/backend/app/Controllers/WhatsAppController.php b/backend/app/Controllers/WhatsAppController.php
index a52212b..c10b48b 100644
--- a/backend/app/Controllers/WhatsAppController.php
+++ b/backend/app/Controllers/WhatsAppController.php
@@ -52,7 +52,10 @@ class WhatsAppController extends BaseController
 curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
 curl_setopt($ch, CURLOPT_POST, true);
 curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
- curl_setopt($ch, CURLOPT_HTTPHEADER, ['Content-Type: application/json']);
+ curl_setopt($ch, CURLOPT_HTTPHEADER, [
+ 'Content-Type: application/json',
+ 'X-Webhook-Secret: ' . getenv('WEBHOOK_SECRET')
+ ]);
 curl_setopt($ch, CURLOPT_TIMEOUT, 5);
 $result = curl_exec($ch);
 $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
@@ -92,7 +95,10 @@ class WhatsAppController extends BaseController
 curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
 curl_setopt($ch, CURLOPT_POST, true);
 curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
- curl_setopt($ch, CURLOPT_HTTPHEADER, ['Content-Type: application/json']);
+ curl_setopt($ch, CURLOPT_HTTPHEADER, [
+ 'Content-Type: application/json',
+ 'X-Webhook-Secret: ' . getenv('WEBHOOK_SECRET')
+ ]);
 curl_setopt($ch, CURLOPT_TIMEOUT, 5);
 curl_exec($ch);
 curl_close($ch);
diff --git a/whatsapp-gateway/baileys-client.js b/whatsapp-gateway/baileys-client.js
index 5bab93c..994fd6f 100644
--- a/whatsapp-gateway/baileys-client.js
+++ b/whatsapp-gateway/baileys-client.js
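Review bot: `getenv('WEBHOOK_SECRET')` returns false when the variable is unset, so the concatenation in both hunks (at -52 and -92) silently sends an empty `X-Webhook-Secret:` header and the gateway's 403 becomes the only symptom of a missing configuration. A guard placed before the curl_setopt calls makes that loud instead: `$secret = getenv('WEBHOOK_SECRET'); if ($secret === false || $secret === '') { throw new \RuntimeException('WEBHOOK_SECRET is not configured'); }` — or whatever error convention BaseController already uses. The two hunks duplicate the entire cURL setup; a private helper that builds the header array once keeps the secret handling in one place, and the second hunk additionally discards the curl_exec result and never inspects the HTTP code, so a rejected call goes unnoticed there. Both enclosing methods start and end outside the hunks, so the exact placement, and whether the gateway URL is reached over TLS (a shared secret in a header over plain HTTP is readable on the wire), cannot be confirmed from here.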
@@ -12,7 +12,7 @@
 if (!fs.existsSync(SESSIONS_DIR)) {
 fs.mkdirSync(SESSIONS_DIR, { recursive: true });
 }
-const WEBHOOK_SECRET = process.env.WEBHOOK_SECRET || 'YOUR_SECRET_KEY_HERE';
+const WEBHOOK_SECRET = process.env.WEBHOOK_SECRET;
 async function sendWebhook(webhook_url, payload) {
 try {
@@ -64,7 +64,7 @@ async function startSession(session_key, webhook_url) {
 const statusCode = lastDisconnect?.error?.output?.statusCode;
 const shouldReconnect = statusCode !== DisconnectReason.loggedOut;
 console.log(`Session ${session_key} connection closed. Reconnect: ${shouldReconnect}`);
-
+
 if (shouldReconnect) {
 // Try reconnecting after a short delay
 sessions.delete(session_key);
@@ -80,8 +80,8 @@ async function startSession(session_key, webhook_url) {
 } else if (connection === 'open') {
 console.log(`Session ${session_key} connected successfully!`);
 // Parse phone number from the JID (e.g. 9665XXXXXXX@s.whatsapp.net)
- const phone = sock.user.id.split(':')[0];
-
+ const phone = sock.user.id.split(':')[0];
+
 await sendWebhook(webhook_url, {
 session_key,
 state: 'connected',
@@ -96,10 +96,10 @@ async function startSession(session_key, webhook_url) {
 async function disconnectSession(session_key) {
 const sock = sessions.get(session_key);
 if (sock) {
- try { sock.logout(); } catch (e) {} // best effort
+ try { sock.logout(); } catch (e) { } // best effort
 sessions.delete(session_key);
 }
-
+
 // Completely wipe the auth directory so a fresh session can be created next time
 const sessionFolder = path.join(SESSIONS_DIR, session_key);
 if (fs.existsSync(sessionFolder)) {
diff --git a/whatsapp-gateway/server.js b/whatsapp-gateway/server.js
index f954d5a..f539c73 100644
--- a/whatsapp-gateway/server.js
+++ b/whatsapp-gateway/server.js
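Review bot: `WEBHOOK_SECRET` in the -12 hunk is now `undefined` whenever the environment variable is missing, and nothing in the hunk stops the process, so a misconfigured gateway keeps running and sendWebhook (whose body lies outside the hunk) presumably sends its callbacks with an undefined secret that the backend can only reject. Failing at startup is the usual fix: `if (!WEBHOOK_SECRET) { throw new Error('WEBHOOK_SECRET environment variable is required'); }` immediately after the declaration. Dropping the placeholder default is the right direction, since a fallback value that anyone can read in the source would let the header be forged; the remaining three hunks in this file are whitespace-only.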
@@ -28,11 +28,20 @@
 app.use(express.json());
 const PORT = process.env.PORT || 3722;
-// Health check endpoint
+// Health check endpoint (Public)
 app.get('/health', (req, res) => {
 res.json({ status: 'healthy', service: 'Nabeh WhatsApp Gateway' });
 });
+// Security Middleware: Protect all /api/ routes
+app.use('/api', (req, res, next) => {
+ const secret = req.header('X-Webhook-Secret');
+ if (!process.env.WEBHOOK_SECRET || secret !== process.env.WEBHOOK_SECRET) {
+ return res.status(403).json({ error: 'Unauthorized gateway access' });
+ }
+ next();
+});
+
 // Start or retrieve a session
 app.post('/api/sessions/start', async (req, res) => {
 const { session_key, webhook_url } = req.body;
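Review bot: The new `/api` middleware compares the shared secret with `!==`, which stops at the first differing byte; on a network-facing endpoint the comparison should go through `crypto.timingSafeEqual` on equal-length buffers so its duration does not depend on the header value. Failing closed when `WEBHOOK_SECRET` is unset is right and the rewrite below keeps it, while also treating a missing header as an empty string rather than `undefined`. `crypto` has to be brought into scope at the top of server.js in whatever import style the file already uses (its header is not in the hunk), and because `app.use(express.json())` is registered first, unauthenticated requests still have their bodies parsed before the check — moving the guard above the body parser limits that work to callers that present the secret, provided nothing else depends on the current order.
```javascript
// Security Middleware: Protect all /api/ routes
app.use('/api', (req, res, next) => {
  const expected = process.env.WEBHOOK_SECRET ?? '';
  const provided = req.header('X-Webhook-Secret') ?? '';
  const expectedBuf = Buffer.from(expected);
  const providedBuf = Buffer.from(provided);
  // Length is checked first because timingSafeEqual throws on mismatched lengths.
  if (
    expected === '' ||
    expectedBuf.length !== providedBuf.length ||
    !crypto.timingSafeEqual(expectedBuf, providedBuf)
  ) {
    return res.status(403).json({ error: 'Unauthorized gateway access' });
  }
  next();
});
```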