Deploy: 2026-05-21 18:06:46

2026-05-21 18:06:46 +03:00
parent 71cef1de1d
commit a411acbdf6
3 changed files with 24 additions and 9 deletions
--- a/whatsapp-gateway/baileys-client.js
+++ b/whatsapp-gateway/baileys-client.js
@@ -12,7 +12,7 @@ if (!fs.existsSync(SESSIONS_DIR)) {
    fs.mkdirSync(SESSIONS_DIR, { recursive: true });
 }

-const WEBHOOK_SECRET = process.env.WEBHOOK_SECRET || 'YOUR_SECRET_KEY_HERE';
+const WEBHOOK_SECRET = process.env.WEBHOOK_SECRET;

 async function sendWebhook(webhook_url, payload) {
    try {
@@ -64,7 +64,7 @@ async function startSession(session_key, webhook_url) {
            const statusCode = lastDisconnect?.error?.output?.statusCode;
            const shouldReconnect = statusCode !== DisconnectReason.loggedOut;
            console.log(`Session ${session_key} connection closed. Reconnect: ${shouldReconnect}`);
-            
+
            if (shouldReconnect) {
                // Try reconnecting after a short delay
                sessions.delete(session_key);
@@ -80,8 +80,8 @@ async function startSession(session_key, webhook_url) {
        } else if (connection === 'open') {
            console.log(`Session ${session_key} connected successfully!`);
            // Parse phone number from the JID (e.g. 9665XXXXXXX@s.whatsapp.net)
-            const phone = sock.user.id.split(':')[0]; 
-            
+            const phone = sock.user.id.split(':')[0];
+
            await sendWebhook(webhook_url, {
                session_key,
                state: 'connected',
@@ -96,10 +96,10 @@ async function startSession(session_key, webhook_url) {
 async function disconnectSession(session_key) {
    const sock = sessions.get(session_key);
    if (sock) {
-        try { sock.logout(); } catch (e) {} // best effort
+        try { sock.logout(); } catch (e) { } // best effort
        sessions.delete(session_key);
    }
-    
+
    // Completely wipe the auth directory so a fresh session can be created next time
    const sessionFolder = path.join(SESSIONS_DIR, session_key);
    if (fs.existsSync(sessionFolder)) {
--- a/whatsapp-gateway/server.js
+++ b/whatsapp-gateway/server.js
@@ -28,11 +28,20 @@ app.use(express.json());

 const PORT = process.env.PORT || 3722;

-// Health check endpoint
+// Health check endpoint (Public)
 app.get('/health', (req, res) => {
    res.json({ status: 'healthy', service: 'Nabeh WhatsApp Gateway' });
 });

+// Security Middleware: Protect all /api/ routes
+app.use('/api', (req, res, next) => {
+    const secret = req.header('X-Webhook-Secret');
+    if (!process.env.WEBHOOK_SECRET || secret !== process.env.WEBHOOK_SECRET) {
+        return res.status(403).json({ error: 'Unauthorized gateway access' });
+    }
+    next();
+});
+
 // Start or retrieve a session
 app.post('/api/sessions/start', async (req, res) => {
    const { session_key, webhook_url } = req.body;