17 |
39 |
18 | 
19 |
21 |
22 |
27 |
28 |
38 |
19 | ${codeContent}`;
192 | } else {
193 | messageDiv.className = `chat-message ${message.type}`;
194 | messageDiv.textContent = message.content;
195 | }
196 |
197 | chatBody.appendChild(messageDiv);
198 | chatBody.scrollTop = chatBody.scrollHeight;
199 | }
200 | }, delay);
201 | });
202 | }
203 |
204 | function addTypingIndicator(chatBody) {
205 | // Remove existing typing indicator
206 | const existingIndicator = chatBody.querySelector('.typing-indicator');
207 | if (existingIndicator) {
208 | existingIndicator.remove();
209 | }
210 |
211 | // Add typing indicator
212 | const typingIndicator = document.createElement('div');
213 | typingIndicator.className = 'typing-indicator';
214 |
215 | for (let i = 0; i < 3; i++) {
216 | const dot = document.createElement('div');
217 | dot.className = 'typing-dot';
218 | typingIndicator.appendChild(dot);
219 | }
220 |
221 | chatBody.appendChild(typingIndicator);
222 | chatBody.scrollTop = chatBody.scrollHeight;
223 | }
224 |
225 | // Coffee animation
226 | function animateCoffee() {
227 | const coffeeSteam = document.querySelector('.coffee-steam');
228 | if (coffeeSteam) {
229 | coffeeSteam.style.opacity = '1';
230 |
231 | setTimeout(() => {
232 | coffeeSteam.style.opacity = '0';
233 |
234 | setTimeout(animateCoffee, 3000);
235 | }, 2000);
236 | }
237 | }
238 |
239 | // Smooth scrolling for all internal links
240 | document.querySelectorAll('a[href^="#"]').forEach(anchor => {
241 | anchor.addEventListener('click', function(e) {
242 | e.preventDefault();
243 |
244 | const targetId = this.getAttribute('href');
245 | const targetElement = document.querySelector(targetId);
246 |
247 | if (targetElement) {
248 | // Offset for fixed header
249 | const headerHeight = document.querySelector('header').offsetHeight;
250 | const targetPosition = targetElement.getBoundingClientRect().top + window.pageYOffset - headerHeight;
251 |
252 | window.scrollTo({
253 | top: targetPosition,
254 | behavior: 'smooth'
255 | });
256 | }
257 | });
258 | });
259 |
--------------------------------------------------------------------------------
/s3manager.go:
--------------------------------------------------------------------------------
1 | package main
2 |
3 | import (
4 | "bytes"
5 | "context"
6 | "fmt"
7 | "strings"
8 | "sync"
9 | "time"
10 |
11 | "github.com/aws/aws-sdk-go-v2/aws"
12 | "github.com/aws/aws-sdk-go-v2/credentials"
13 | "github.com/aws/aws-sdk-go-v2/service/s3"
14 | "github.com/aws/aws-sdk-go-v2/service/s3/types"
15 | "github.com/rs/zerolog/log"
16 | )
17 |
18 | // S3Config holds S3 configuration for a user
19 | type S3Config struct {
20 | Enabled bool
21 | Endpoint string
22 | Region string
23 | Bucket string
24 | AccessKey string
25 | SecretKey string
26 | PathStyle bool
27 | PublicURL string
28 | MediaDelivery string
29 | RetentionDays int
30 | }
31 |
32 | // S3Manager manages S3 operations
33 | type S3Manager struct {
34 | mu sync.RWMutex
35 | clients map[string]*s3.Client
36 | configs map[string]*S3Config
37 | }
38 |
39 | // Global S3 manager instance
40 | var s3Manager = &S3Manager{
41 | clients: make(map[string]*s3.Client),
42 | configs: make(map[string]*S3Config),
43 | }
44 |
45 | // GetS3Manager returns the global S3 manager instance
46 | func GetS3Manager() *S3Manager {
47 | return s3Manager
48 | }
49 |
50 | // InitializeS3Client creates or updates S3 client for a user
51 | func (m *S3Manager) InitializeS3Client(userID string, config *S3Config) error {
52 | if !config.Enabled {
53 | m.RemoveClient(userID)
54 | return nil
55 | }
56 |
57 | m.mu.Lock()
58 | defer m.mu.Unlock()
59 |
60 | // Create custom credentials provider
61 | credProvider := credentials.NewStaticCredentialsProvider(
62 | config.AccessKey,
63 | config.SecretKey,
64 | "",
65 | )
66 |
67 | // Configure S3 client
68 | cfg := aws.Config{
69 | Region: config.Region,
70 | Credentials: credProvider,
71 | }
72 |
73 | if config.Endpoint != "" {
74 | customResolver := aws.EndpointResolverWithOptionsFunc(func(service, region string, options ...interface{}) (aws.Endpoint, error) {
75 | if service == s3.ServiceID {
76 | return aws.Endpoint{
77 | URL: config.Endpoint,
78 | HostnameImmutable: config.PathStyle,
79 | }, nil
80 | }
81 | return aws.Endpoint{}, &aws.EndpointNotFoundError{}
82 | })
83 | cfg.EndpointResolverWithOptions = customResolver
84 | }
85 |
86 | // Create S3 client
87 | client := s3.NewFromConfig(cfg, func(o *s3.Options) {
88 | o.UsePathStyle = config.PathStyle
89 | })
90 |
91 | m.clients[userID] = client
92 | m.configs[userID] = config
93 |
94 | log.Info().Str("userID", userID).Str("bucket", config.Bucket).Msg("S3 client initialized")
95 | return nil
96 | }
97 |
98 | // RemoveClient removes S3 client for a user
99 | func (m *S3Manager) RemoveClient(userID string) {
100 | m.mu.Lock()
101 | defer m.mu.Unlock()
102 |
103 | delete(m.clients, userID)
104 | delete(m.configs, userID)
105 | }
106 |
107 | // GetClient returns S3 client for a user
108 | func (m *S3Manager) GetClient(userID string) (*s3.Client, *S3Config, bool) {
109 | m.mu.RLock()
110 | defer m.mu.RUnlock()
111 |
112 | client, clientOk := m.clients[userID]
113 | config, configOk := m.configs[userID]
114 |
115 | return client, config, clientOk && configOk
116 | }
117 |
118 | // GenerateS3Key generates S3 object key based on message metadata
119 | func (m *S3Manager) GenerateS3Key(userID, contactJID, messageID string, mimeType string, isIncoming bool) string {
120 | // Determine direction
121 | direction := "outbox"
122 | if isIncoming {
123 | direction = "inbox"
124 | }
125 |
126 | // Clean contact JID
127 | contactJID = strings.ReplaceAll(contactJID, "@", "_")
128 | contactJID = strings.ReplaceAll(contactJID, ":", "_")
129 |
130 | // Get current time
131 | now := time.Now()
132 | year := now.Format("2025")
133 | month := now.Format("05")
134 | day := now.Format("25")
135 |
136 | // Determine media type folder
137 | mediaType := "documents"
138 | if strings.HasPrefix(mimeType, "image/") {
139 | mediaType = "images"
140 | } else if strings.HasPrefix(mimeType, "video/") {
141 | mediaType = "videos"
142 | } else if strings.HasPrefix(mimeType, "audio/") {
143 | mediaType = "audio"
144 | }
145 |
146 | // Get file extension
147 | ext := ".bin"
148 | switch {
149 | case strings.Contains(mimeType, "jpeg"), strings.Contains(mimeType, "jpg"):
150 | ext = ".jpg"
151 | case strings.Contains(mimeType, "png"):
152 | ext = ".png"
153 | case strings.Contains(mimeType, "gif"):
154 | ext = ".gif"
155 | case strings.Contains(mimeType, "webp"):
156 | ext = ".webp"
157 | case strings.Contains(mimeType, "mp4"):
158 | ext = ".mp4"
159 | case strings.Contains(mimeType, "webm"):
160 | ext = ".webm"
161 | case strings.Contains(mimeType, "ogg"):
162 | ext = ".ogg"
163 | case strings.Contains(mimeType, "opus"):
164 | ext = ".opus"
165 | case strings.Contains(mimeType, "pdf"):
166 | ext = ".pdf"
167 | case strings.Contains(mimeType, "doc"):
168 | if strings.Contains(mimeType, "docx") {
169 | ext = ".docx"
170 | } else {
171 | ext = ".doc"
172 | }
173 | }
174 |
175 | // Build S3 key
176 | key := fmt.Sprintf("users/%s/%s/%s/%s/%s/%s/%s/%s%s",
177 | userID,
178 | direction,
179 | contactJID,
180 | year,
181 | month,
182 | day,
183 | mediaType,
184 | messageID,
185 | ext,
186 | )
187 |
188 | return key
189 | }
190 |
191 | // UploadToS3 uploads file to S3 and returns the key
192 | func (m *S3Manager) UploadToS3(ctx context.Context, userID string, key string, data []byte, mimeType string) error {
193 | client, config, ok := m.GetClient(userID)
194 | if !ok {
195 | return fmt.Errorf("S3 client not initialized for user %s", userID)
196 | }
197 |
198 | // Set content type and cache headers for preview
199 | contentType := mimeType
200 | if contentType == "" {
201 | contentType = "application/octet-stream"
202 | }
203 |
204 | // Calculate expiration time based on retention days
205 | var expires *time.Time
206 | if config.RetentionDays > 0 {
207 | expirationTime := time.Now().Add(time.Duration(config.RetentionDays) * 24 * time.Hour)
208 | expires = &expirationTime
209 | }
210 |
211 | input := &s3.PutObjectInput{
212 | Bucket: aws.String(config.Bucket),
213 | Key: aws.String(key),
214 | Body: bytes.NewReader(data),
215 | ContentType: aws.String(contentType),
216 | CacheControl: aws.String("public, max-age=3600"),
217 | ACL: types.ObjectCannedACLPublicRead,
218 | }
219 |
220 | if expires != nil {
221 | input.Expires = expires
222 | }
223 |
224 | // Add content disposition for inline preview
225 | if strings.HasPrefix(mimeType, "image/") || strings.HasPrefix(mimeType, "video/") || mimeType == "application/pdf" {
226 | input.ContentDisposition = aws.String("inline")
227 | }
228 |
229 | _, err := client.PutObject(ctx, input)
230 | if err != nil {
231 | return fmt.Errorf("failed to upload to S3: %w", err)
232 | }
233 |
234 | return nil
235 | }
236 |
237 | // GetPublicURL generates public URL for S3 object
238 | func (m *S3Manager) GetPublicURL(userID, key string) string {
239 | _, config, ok := m.GetClient(userID)
240 | if !ok {
241 | return ""
242 | }
243 |
244 | // Use custom public URL if configured
245 | if config.PublicURL != "" {
246 | return fmt.Sprintf("%s/%s/%s", strings.TrimRight(config.PublicURL, "/"), config.Bucket, key)
247 | }
248 |
249 | // Generate standard S3 URL
250 | if config.PathStyle {
251 | return fmt.Sprintf("%s/%s/%s",
252 | strings.TrimRight(config.Endpoint, "/"),
253 | config.Bucket,
254 | key)
255 | }
256 |
257 | // Virtual hosted-style URL
258 | if strings.Contains(config.Endpoint, "amazonaws.com") {
259 | return fmt.Sprintf("https://%s.s3.%s.amazonaws.com/%s",
260 | config.Bucket,
261 | config.Region,
262 | key)
263 | }
264 |
265 | // For other S3-compatible services
266 | endpoint := strings.TrimPrefix(config.Endpoint, "https://")
267 | endpoint = strings.TrimPrefix(endpoint, "http://")
268 | return fmt.Sprintf("https://%s.%s/%s", config.Bucket, endpoint, key)
269 | }
270 |
271 | // TestConnection tests S3 connection
272 | func (m *S3Manager) TestConnection(ctx context.Context, userID string) error {
273 | client, config, ok := m.GetClient(userID)
274 | if !ok {
275 | return fmt.Errorf("S3 client not initialized for user %s", userID)
276 | }
277 |
278 | // Try to list objects with max 1 result
279 | input := &s3.ListObjectsV2Input{
280 | Bucket: aws.String(config.Bucket),
281 | MaxKeys: aws.Int32(1),
282 | }
283 |
284 | _, err := client.ListObjectsV2(ctx, input)
285 | return err
286 | }
287 |
288 | // ProcessMediaForS3 handles the complete media upload process
289 | func (m *S3Manager) ProcessMediaForS3(ctx context.Context, userID, contactJID, messageID string,
290 | data []byte, mimeType string, fileName string, isIncoming bool) (map[string]interface{}, error) {
291 |
292 | // Generate S3 key
293 | key := m.GenerateS3Key(userID, contactJID, messageID, mimeType, isIncoming)
294 |
295 | // Upload to S3
296 | err := m.UploadToS3(ctx, userID, key, data, mimeType)
297 | if err != nil {
298 | return nil, fmt.Errorf("failed to upload to S3: %w", err)
299 | }
300 |
301 | // Generate public URL
302 | publicURL := m.GetPublicURL(userID, key)
303 |
304 | // Return S3 metadata
305 | s3Data := map[string]interface{}{
306 | "url": publicURL,
307 | "key": key,
308 | "bucket": m.configs[userID].Bucket,
309 | "size": len(data),
310 | "mimeType": mimeType,
311 | "fileName": fileName,
312 | }
313 |
314 | return s3Data, nil
315 | }
316 |
317 | // DeleteAllUserObjects deletes all user files from S3
318 | func (m *S3Manager) DeleteAllUserObjects(ctx context.Context, userID string) error {
319 | client, config, ok := m.GetClient(userID)
320 | if !ok {
321 | return fmt.Errorf("S3 client not initialized for user %s", userID)
322 | }
323 |
324 | prefix := fmt.Sprintf("users/%s/", userID)
325 | var toDelete []types.ObjectIdentifier
326 | var continuationToken *string
327 |
328 | for {
329 | input := &s3.ListObjectsV2Input{
330 | Bucket: aws.String(config.Bucket),
331 | Prefix: aws.String(prefix),
332 | ContinuationToken: continuationToken,
333 | }
334 | output, err := client.ListObjectsV2(ctx, input)
335 | if err != nil {
336 | return fmt.Errorf("failed to list objects for user %s: %w", userID, err)
337 | }
338 |
339 | for _, obj := range output.Contents {
340 | toDelete = append(toDelete, types.ObjectIdentifier{Key: obj.Key})
341 | // Delete in batches of 1000 (S3 limit)
342 | if len(toDelete) == 1000 {
343 | _, err := client.DeleteObjects(ctx, &s3.DeleteObjectsInput{
344 | Bucket: aws.String(config.Bucket),
345 | Delete: &types.Delete{Objects: toDelete},
346 | })
347 | if err != nil {
348 | return fmt.Errorf("failed to delete objects for user %s: %w", userID, err)
349 | }
350 | toDelete = nil
351 | }
352 | }
353 |
354 | if output.IsTruncated != nil && *output.IsTruncated && output.NextContinuationToken != nil {
355 | continuationToken = output.NextContinuationToken
356 | } else {
357 | break
358 | }
359 | }
360 |
361 | // Delete any remaining objects
362 | if len(toDelete) > 0 {
363 | _, err := client.DeleteObjects(ctx, &s3.DeleteObjectsInput{
364 | Bucket: aws.String(config.Bucket),
365 | Delete: &types.Delete{Objects: toDelete},
366 | })
367 | if err != nil {
368 | return fmt.Errorf("failed to delete objects for user %s: %w", userID, err)
369 | }
370 | }
371 |
372 | log.Info().Str("userID", userID).Msg("all user files removed from S3")
373 | return nil
374 | }
375 |
--------------------------------------------------------------------------------
/main.go:
--------------------------------------------------------------------------------
1 | package main
2 |
3 | import (
4 | "context"
5 | "flag"
6 | "fmt"
7 | "math/rand"
8 | "net"
9 | "net/http"
10 | "os"
11 | "os/signal"
12 | "path/filepath"
13 | "strconv"
14 | "strings"
15 | "sync"
16 | "syscall"
17 | "time"
18 |
19 | "go.mau.fi/whatsmeow/store/sqlstore"
20 | waLog "go.mau.fi/whatsmeow/util/log"
21 |
22 | "github.com/gorilla/mux"
23 | "github.com/jmoiron/sqlx"
24 | "github.com/joho/godotenv"
25 | _ "github.com/lib/pq"
26 | "github.com/patrickmn/go-cache"
27 | "github.com/rs/zerolog"
28 | "github.com/rs/zerolog/log"
29 | )
30 |
31 | // ServerMode represents the server operating mode
32 | type ServerMode int
33 |
34 | const (
35 | HTTP ServerMode = iota
36 | Stdio
37 | )
38 |
39 | type server struct {
40 | db *sqlx.DB
41 | router *mux.Router
42 | exPath string
43 | mode ServerMode
44 | }
45 |
46 | // Replace the global variables
47 | var (
48 | address = flag.String("address", "0.0.0.0", "Bind IP Address")
49 | port = flag.String("port", "8080", "Listen Port")
50 | waDebug = flag.String("wadebug", "", "Enable whatsmeow debug (INFO or DEBUG)")
51 | logType = flag.String("logtype", "console", "Type of log output (console or json)")
52 | skipMedia = flag.Bool("skipmedia", false, "Do not attempt to download media in messages")
53 | osName = flag.String("osname", "Mac OS 10", "Connection OSName in Whatsapp")
54 | colorOutput = flag.Bool("color", false, "Enable colored output for console logs")
55 | sslcert = flag.String("sslcertificate", "", "SSL Certificate File")
56 | sslprivkey = flag.String("sslprivatekey", "", "SSL Certificate Private Key File")
57 | adminToken = flag.String("admintoken", "", "Security Token to authorize admin actions (list/create/remove users)")
58 | globalEncryptionKey = flag.String("globalencryptionkey", "", "Encryption key for sensitive data (32 bytes)")
59 | globalHMACKey = flag.String("globalhmackey", "", "Global HMAC key for webhook signing")
60 | globalWebhook = flag.String("globalwebhook", "", "Global webhook URL to receive all events from all users")
61 | versionFlag = flag.Bool("version", false, "Display version information and exit")
62 | mode = flag.String("mode", "http", "Server mode: http or stdio")
63 | dataDir = flag.String("datadir", "", "Data directory for database and session files (defaults to executable directory)")
64 |
65 | globalHMACKeyEncrypted []byte
66 |
67 | webhookRetryEnabled = flag.Bool("webhookretry", true, "Enable webhook retry mechanism")
68 | webhookRetryCount = flag.Int("retrycount", 5, "Number of times to retry failed webhooks")
69 | webhookRetryDelaySeconds = flag.Int("retrydelay", 30, "Delay in seconds between webhook retries")
70 | webhookErrorQueueName = flag.String("errorqueue", "webhook_errors", "RabbitMQ queue name for failed webhooks")
71 |
72 | container *sqlstore.Container
73 | clientManager = NewClientManager()
74 | killchannel = make(map[string](chan bool))
75 | userinfocache = cache.New(5*time.Minute, 10*time.Minute)
76 | lastMessageCache = cache.New(24*time.Hour, 24*time.Hour)
77 | globalHTTPClient = newSafeHTTPClient()
78 | )
79 |
80 | var privateIPBlocks []*net.IPNet
81 |
82 | const version = "1.0.5"
83 |
84 | func newSafeHTTPClient() *http.Client {
85 | return &http.Client{
86 | Timeout: 60 * time.Second,
87 | Transport: &http.Transport{
88 | DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
89 | host, port, err := net.SplitHostPort(addr)
90 | if err != nil {
91 | return nil, fmt.Errorf("unexpected address format from http transport: %q: %w", addr, err)
92 | }
93 |
94 | ips, err := net.LookupIP(host)
95 | if err != nil {
96 | return nil, fmt.Errorf("failed to resolve host '%s': %w", host, err)
97 | }
98 | if len(ips) == 0 {
99 | return nil, fmt.Errorf("no IP addresses found for host: %s", host)
100 | }
101 |
102 | var (
103 | lastDialErr error
104 | ssrfDetected bool
105 | ssrfLastError error
106 | )
107 |
108 | for _, ip := range ips {
109 | if isPrivateOrLoopback(ip) {
110 | log.Warn().Str("ip", ip.String()).Str("host", host).Msg("SSRF attempt detected: refused to connect to private or local address")
111 | ssrfDetected = true
112 | if ssrfLastError == nil {
113 | ssrfLastError = fmt.Errorf("ssrf attempt detected: host '%s' resolves to one or more private IP addresses", host)
114 | }
115 | continue
116 | }
117 |
118 | dialer := &net.Dialer{
119 | Timeout: 4 * time.Second,
120 | KeepAlive: 30 * time.Second,
121 | }
122 |
123 | connAddr := net.JoinHostPort(ip.String(), port)
124 | conn, err := dialer.DialContext(ctx, network, connAddr)
125 | if err == nil {
126 | return conn, nil
127 | }
128 | lastDialErr = err
129 | }
130 |
131 | if lastDialErr != nil {
132 | return nil, lastDialErr
133 | }
134 | if ssrfDetected {
135 | return nil, ssrfLastError
136 | }
137 | if lastDialErr != nil {
138 | return nil, lastDialErr
139 | }
140 | return nil, fmt.Errorf("no dialable IP addresses found for host %s", host)
141 | },
142 | },
143 | }
144 | }
145 |
146 | func isPrivateOrLoopback(ip net.IP) bool {
147 | if ip.IsLoopback() || ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() {
148 | return true
149 | }
150 | for _, block := range privateIPBlocks {
151 | if block.Contains(ip) {
152 | return true
153 | }
154 | }
155 | return false
156 | }
157 |
158 | func main() {
159 | for _, cidr := range []string{
160 | "127.0.0.0/8", // IPv4 loopback
161 | "10.0.0.0/8", // RFC1918
162 | "172.16.0.0/12", // RFC1918
163 | "192.168.0.0/16", // RFC1918
164 | "100.64.0.0/10", // RFC6598 Carrier-Grade NAT
165 | "169.254.0.0/16", // RFC3927 link-local
166 | "::1/128", // IPv6 loopback
167 | "fe80::/10", // IPv6 link-local
168 | } {
169 | _, block, err := net.ParseCIDR(cidr)
170 | if err != nil {
171 | log.Fatal().Err(err).Msgf("Failed to parse CIDR string: %s", cidr)
172 | }
173 | privateIPBlocks = append(privateIPBlocks, block)
174 | }
175 |
176 | err := godotenv.Load()
177 | if err != nil {
178 | log.Warn().Err(err).Msg("It was not possible to load the .env file (it may not exist).")
179 | }
180 |
181 | flag.Parse()
182 |
183 | // Check for address in environment variable if flag is default or empty
184 | if *address == "0.0.0.0" || *address == "" {
185 | if v := os.Getenv("WUZAPI_ADDRESS"); v != "" {
186 | *address = v
187 | log.Info().Str("address", v).Msg("Address configured from environment variable")
188 | }
189 | }
190 |
191 | // Check for port in environment variable if flag is default or empty
192 | if *port == "8080" || *port == "" {
193 | if v := os.Getenv("WUZAPI_PORT"); v != "" {
194 | *port = v
195 | log.Info().Str("port", v).Msg("Port configured from environment variable")
196 | }
197 | }
198 |
199 | if v := os.Getenv("WEBHOOK_RETRY_ENABLED"); v != "" {
200 | *webhookRetryEnabled = strings.ToLower(v) == "true" || v == "1"
201 | }
202 | if v := os.Getenv("WEBHOOK_RETRY_COUNT"); v != "" {
203 | if count, err := strconv.Atoi(v); err == nil {
204 | *webhookRetryCount = count
205 | }
206 | }
207 | if v := os.Getenv("WEBHOOK_RETRY_DELAY_SECONDS"); v != "" {
208 | if delay, err := strconv.Atoi(v); err == nil {
209 | *webhookRetryDelaySeconds = delay
210 | }
211 | }
212 | if v := os.Getenv("WEBHOOK_ERROR_QUEUE_NAME"); v != "" {
213 | *webhookErrorQueueName = v
214 | }
215 |
216 | log.Info().
217 | Bool("enabled", *webhookRetryEnabled).
218 | Int("count", *webhookRetryCount).
219 | Int("delay", *webhookRetryDelaySeconds).
220 | Str("queue", *webhookErrorQueueName).
221 | Msg("Webhook Retry Configured")
222 |
223 | // Novo bloco para sobrescrever o osName pelo ENV, se existir
224 | if v := os.Getenv("SESSION_DEVICE_NAME"); v != "" {
225 | *osName = v
226 | }
227 |
228 | if *versionFlag {
229 | fmt.Printf("WuzAPI version %s\n", version)
230 | os.Exit(0)
231 | }
232 |
233 | // In stdio mode, always log to stderr to avoid interfering with JSON responses on stdout
234 | logOutput := os.Stdout
235 | if *mode == "stdio" {
236 | logOutput = os.Stderr
237 | }
238 |
239 | if *logType == "json" {
240 | log.Logger = zerolog.New(logOutput).
241 | With().
242 | Timestamp().
243 | Str("role", filepath.Base(os.Args[0])).
244 | Logger()
245 | } else {
246 | output := zerolog.ConsoleWriter{
247 | Out: logOutput,
248 | TimeFormat: "2006-01-02 15:04:05 -07:00",
249 | NoColor: !*colorOutput,
250 | }
251 |
252 | output.FormatLevel = func(i interface{}) string {
253 | if i == nil {
254 | return ""
255 | }
256 | lvl := strings.ToUpper(i.(string))
257 | switch lvl {
258 | case "DEBUG":
259 | return "\x1b[34m" + lvl + "\x1b[0m"
260 | case "INFO":
261 | return "\x1b[32m" + lvl + "\x1b[0m"
262 | case "WARN":
263 | return "\x1b[33m" + lvl + "\x1b[0m"
264 | case "ERROR", "FATAL", "PANIC":
265 | return "\x1b[31m" + lvl + "\x1b[0m"
266 | default:
267 | return lvl
268 | }
269 | }
270 |
271 | log.Logger = zerolog.New(output).
272 | With().
273 | Timestamp().
274 | Str("role", filepath.Base(os.Args[0])).
275 | Logger()
276 | }
277 |
278 | // Setup timezone (after logger is configured)
279 | tz := os.Getenv("TZ")
280 | if tz != "" {
281 | loc, err := time.LoadLocation(tz)
282 | if err != nil {
283 | log.Warn().Err(err).Msgf("It was not possible to define TZ=%q, using UTC", tz)
284 | } else {
285 | time.Local = loc
286 | log.Info().Str("TZ", tz).Msg("Timezone defined")
287 | }
288 | }
289 |
290 | if *adminToken == "" {
291 | if v := os.Getenv("WUZAPI_ADMIN_TOKEN"); v != "" {
292 | *adminToken = v
293 | } else {
294 | // Generate a random token if none provided
295 | const charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
296 | b := make([]byte, 32)
297 | for i := range b {
298 | b[i] = charset[rand.Intn(len(charset))]
299 | }
300 | *adminToken = string(b)
301 | log.Warn().Str("admin_token", *adminToken).Msg("No admin token provided, generated a random one")
302 | }
303 | }
304 |
305 | if *globalEncryptionKey == "" {
306 | if v := os.Getenv("WUZAPI_GLOBAL_ENCRYPTION_KEY"); v != "" {
307 | *globalEncryptionKey = v
308 | log.Info().Msg("Encryption key loaded from environment variable")
309 | } else {
310 | // Generate a random key if none provided
311 | const charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
312 | b := make([]byte, 32)
313 | for i := range b {
314 | b[i] = charset[rand.Intn(len(charset))]
315 | }
316 | *globalEncryptionKey = string(b)
317 | log.Warn().Str("global_encryption_key", *globalEncryptionKey).Msg("No WUZAPI_GLOBAL_ENCRYPTION_KEY provided, generated a random one. " +
318 | "SAVE THIS KEY TO YOUR .ENV FILE OR ALL ENCRYPTED DATA WILL BE LOST ON RESTART!")
319 | }
320 | }
321 |
322 | // Check for global webhook in environment variable
323 | if *globalWebhook == "" {
324 | if v := os.Getenv("WUZAPI_GLOBAL_WEBHOOK"); v != "" {
325 | *globalWebhook = v
326 | log.Info().Str("global_webhook", v).Msg("Global webhook configured from environment variable")
327 | }
328 | } else {
329 | log.Info().Str("global_webhook", *globalWebhook).Msg("Global webhook configured from command line")
330 | }
331 |
332 | // Check for global HMAC key in environment variable
333 | if *globalHMACKey == "" {
334 | if v := os.Getenv("WUZAPI_GLOBAL_HMAC_KEY"); v != "" {
335 | *globalHMACKey = v
336 | log.Info().Msg("Global HMAC key configured from environment variable")
337 | } else {
338 | // Generate a random key if none provided
339 | const charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
340 | b := make([]byte, 32)
341 | for i := range b {
342 | b[i] = charset[rand.Intn(len(charset))]
343 | }
344 | *globalHMACKey = string(b)
345 | log.Warn().Str("global_hmac_key", *globalHMACKey).Msg("No WUZAPI_GLOBAL_HMAC_KEY provided, generated a random one")
346 | }
347 |
348 | } else {
349 | log.Info().Msg("Global HMAC key configured from command line")
350 | }
351 |
352 | globalHMACKeyEncrypted, err = encryptHMACKey(*globalHMACKey)
353 | if err != nil {
354 | log.Error().Err(err).Msg("Failed to encrypt global HMAC key")
355 | } else {
356 | log.Info().Msg("Global HMAC key encrypted successfully")
357 | }
358 |
359 | InitRabbitMQ()
360 |
361 | ex, err := os.Executable()
362 | if err != nil {
363 | log.Fatal().Err(err).Msg("Failed to get executable path")
364 | panic(err)
365 | }
366 | exPath := filepath.Dir(ex)
367 |
368 | db, err := InitializeDatabase(exPath, *dataDir)
369 | if err != nil {
370 | log.Fatal().Err(err).Msg("Failed to initialize database")
371 | os.Exit(1)
372 | }
373 | // Defer cleanup of the database connection
374 | defer func() {
375 | if err := db.Close(); err != nil {
376 | log.Error().Err(err).Msg("Failed to close database connection")
377 | }
378 | }()
379 |
380 | // Initialize the schema
381 | if err = initializeSchema(db); err != nil {
382 | log.Fatal().Err(err).Msg("Failed to initialize schema")
383 | // Perform cleanup before exiting
384 | if err := db.Close(); err != nil {
385 | log.Error().Err(err).Msg("Failed to close database connection during cleanup")
386 | }
387 | os.Exit(1)
388 | }
389 |
390 | var dbLog waLog.Logger
391 | if *waDebug != "" {
392 | dbLog = waLog.Stdout("Database", *waDebug, *colorOutput)
393 | }
394 |
395 | // Get database configuration
396 | config := getDatabaseConfig(exPath, *dataDir)
397 | var storeConnStr string
398 | if config.Type == "postgres" {
399 | storeConnStr = fmt.Sprintf(
400 | "user=%s password=%s dbname=%s host=%s port=%s sslmode=%s",
401 | config.User, config.Password, config.Name, config.Host, config.Port, config.SSLMode,
402 | )
403 | container, err = sqlstore.New(context.Background(), "postgres", storeConnStr, dbLog)
404 | } else {
405 | storeConnStr = "file:" + filepath.Join(config.Path, "main.db") + "?_pragma=foreign_keys(1)&_busy_timeout=3000"
406 | container, err = sqlstore.New(context.Background(), "sqlite", storeConnStr, dbLog)
407 | }
408 |
409 | if err != nil {
410 | log.Fatal().Err(err).Msg("Error creating sqlstore")
411 | os.Exit(1)
412 | }
413 |
414 | serverMode := HTTP
415 | if *mode == "stdio" {
416 | serverMode = Stdio
417 | }
418 |
419 | s := &server{
420 | router: mux.NewRouter(),
421 | db: db,
422 | exPath: exPath,
423 | mode: serverMode,
424 | }
425 | s.routes()
426 |
427 | s.connectOnStartup()
428 |
429 | if serverMode == Stdio {
430 | startStdioMode(s)
431 | } else {
432 | startHTTPMode(s)
433 | }
434 | }
435 |
436 | func startHTTPMode(s *server) {
437 | srv := &http.Server{
438 | Addr: *address + ":" + *port,
439 | Handler: s.router,
440 | ReadHeaderTimeout: 20 * time.Second,
441 | ReadTimeout: 60 * time.Second,
442 | WriteTimeout: 120 * time.Second,
443 | IdleTimeout: 180 * time.Second,
444 | }
445 |
446 | done := make(chan os.Signal, 1)
447 | signal.Notify(done, os.Interrupt, syscall.SIGINT, syscall.SIGTERM)
448 |
449 | var once sync.Once
450 |
451 | // Wait for signals in a separate goroutine
452 | go func() {
453 | for {
454 | <-done
455 | once.Do(func() {
456 | log.Warn().Msg("Stopping server...")
457 |
458 | // Graceful shutdown logic
459 | ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
460 | defer cancel()
461 |
462 | if err := srv.Shutdown(ctx); err != nil {
463 | log.Error().Err(err).Msg("Failed to stop server")
464 | os.Exit(1)
465 | }
466 |
467 | log.Info().Msg("Server Exited Properly")
468 | os.Exit(0)
469 | })
470 | }
471 | }()
472 |
473 | go func() {
474 | if *sslcert != "" {
475 |
476 | if *sslcert != "" && *sslprivkey != "" {
477 | if _, err := os.Stat(*sslcert); os.IsNotExist(err) {
478 | log.Fatal().Err(err).Msg("SSL certificate file does not exist")
479 | }
480 | if _, err := os.Stat(*sslprivkey); os.IsNotExist(err) {
481 | log.Fatal().Err(err).Msg("SSL private key file does not exist")
482 | }
483 | }
484 | if err := srv.ListenAndServeTLS(*sslcert, *sslprivkey); err != nil && err != http.ErrServerClosed {
485 | log.Fatal().Err(err).Msg("HTTPS server failed to start")
486 | }
487 | } else {
488 | if err := srv.ListenAndServe(); err != nil && err != http.ErrServerClosed {
489 | log.Fatal().Err(err).Msg("HTTP server failed to start")
490 | }
491 | }
492 | }()
493 | log.Info().Str("address", *address).Str("port", *port).Msg("Server started. Waiting for connections...")
494 | select {}
495 | }
496 |
497 | func startStdioMode(s *server) {
498 | stdioServer := NewStdioServer(s)
499 | if err := stdioServer.Start(); err != nil {
500 | log.Error().Err(err).Msg("Stdio server error")
501 | os.Exit(1)
502 | }
503 | log.Info().Msg("Stdio server exited properly")
504 | }
505 |
--------------------------------------------------------------------------------
/static/github-markdown-css/code-navigation-banner-illo.svg:
--------------------------------------------------------------------------------
1 |
72 |
--------------------------------------------------------------------------------
/stdio.go:
--------------------------------------------------------------------------------
1 | // Package main provides a JSON-RPC 2.0 server over stdin/stdout.
2 | //
3 | // This file implements a stdio-based JSON-RPC 2.0 interface that bridges
4 | // to the existing HTTP API handlers. It enables programmatic access to
5 | // wuzapi functionality through standard input/output, making it suitable
6 | // for use as a subprocess or in headless environments.
7 | //
8 | // The implementation:
9 | // - Reads newline-delimited JSON-RPC 2.0 requests from stdin
10 | // - Routes requests to existing HTTP handlers via httptest
11 | // - Writes JSON-RPC 2.0 responses to stdout
12 | // - Supports both notification and request/response patterns
13 | //
14 | // JSON-RPC methods map directly to HTTP endpoints (e.g., "user.login"
15 | // maps to POST /user/login). See JSON-RPC-API.md for available methods.
16 | //
17 | // Author: Alvaro Ramirez https://xenodium.com
18 | package main
19 |
20 | import (
21 | "bufio"
22 | "bytes"
23 | "encoding/json"
24 | "fmt"
25 | "io"
26 | "net/http/httptest"
27 | "os"
28 |
29 | "github.com/rs/zerolog/log"
30 | )
31 |
32 | // ID represents a JSON-RPC 2.0 request/response identifier
33 | // It can be either a string or number per the spec
34 | type ID struct {
35 | Num uint64
36 | Str string
37 | IsString bool // true if ID is a string, false if numeric
38 | IsSet bool // true if ID was present in JSON (not omitted)
39 | }
40 |
41 | // MarshalJSON implements json.Marshaler
42 | func (id ID) MarshalJSON() ([]byte, error) {
43 | if !id.IsSet {
44 | return []byte("null"), nil
45 | }
46 | if id.IsString {
47 | return json.Marshal(id.Str)
48 | }
49 | return json.Marshal(id.Num)
50 | }
51 |
52 | // UnmarshalJSON implements json.Unmarshaler
53 | func (id *ID) UnmarshalJSON(data []byte) error {
54 | // Try numeric first
55 | var num uint64
56 | if err := json.Unmarshal(data, &num); err == nil {
57 | *id = ID{Num: num, IsString: false, IsSet: true}
58 | return nil
59 | }
60 | // Fall back to string
61 | var str string
62 | if err := json.Unmarshal(data, &str); err != nil {
63 | return err
64 | }
65 | *id = ID{Str: str, IsString: true, IsSet: true}
66 | return nil
67 | }
68 |
69 | // String returns the ID as a string for logging/display
70 | func (id ID) String() string {
71 | if id.IsString {
72 | return id.Str
73 | }
74 | return fmt.Sprintf("%d", id.Num)
75 | }
76 |
77 | // jsonRpcRequest represents an incoming JSON request from stdin
78 | type jsonRpcRequest struct {
79 | ID ID `json:"id"`
80 | Method string `json:"method"`
81 | Params map[string]interface{} `json:"params,omitempty"`
82 | }
83 |
84 | // jsonRpcResponse represents an outgoing JSON response to stdout
85 | // Follows JSON-RPC 2.0 specification
86 | type jsonRpcResponse struct {
87 | JSONRPC string `json:"jsonrpc"`
88 | ID ID `json:"id"`
89 | Result *jsonResult `json:"result,omitempty"`
90 | Error *rpcError `json:"error,omitempty"`
91 | }
92 |
93 | // jsonResult wraps the result value so we can distinguish between
94 | // "no result" (nil pointer, omitted) and "null result" (pointer to nil)
95 | type jsonResult struct {
96 | Value interface{}
97 | }
98 |
99 | // MarshalJSON makes jsonResult marshal as its wrapped value
100 | func (r *jsonResult) MarshalJSON() ([]byte, error) {
101 | return json.Marshal(r.Value)
102 | }
103 |
104 | // rpcError represents a JSON-RPC 2.0 error object
105 | type rpcError struct {
106 | Code int `json:"code"`
107 | Message string `json:"message"`
108 | }
109 |
110 | // stdioServer handles stdin/stdout JSON-based API by wrapping HTTP handlers
111 | type stdioServer struct {
112 | server *server
113 | stdin io.Reader
114 | stdout io.Writer
115 | }
116 |
117 | // NewStdioServer creates a new stdio server instance
118 | func NewStdioServer(s *server) *stdioServer {
119 | return &stdioServer{
120 | server: s,
121 | stdin: os.Stdin,
122 | stdout: os.Stdout,
123 | }
124 | }
125 |
126 | // newStdioServerWithIO creates a stdio server with custom IO streams (for testing)
127 | func newStdioServerWithIO(s *server, stdin io.Reader, stdout io.Writer) *stdioServer {
128 | return &stdioServer{
129 | server: s,
130 | stdin: stdin,
131 | stdout: stdout,
132 | }
133 | }
134 |
135 | func (ss *stdioServer) Start() error {
136 | log.Info().Msg("Starting stdio mode - reading JSON requests from stdin")
137 |
138 | scanner := bufio.NewScanner(ss.stdin)
139 |
140 | const maxCapacity = 512 * 1024 // 512KB
141 | buf := make([]byte, maxCapacity)
142 | scanner.Buffer(buf, maxCapacity)
143 |
144 | for scanner.Scan() {
145 | line := scanner.Bytes()
146 | if len(line) == 0 {
147 | continue // Skip empty lines
148 | }
149 | ss.handleRequest(line)
150 | }
151 |
152 | // Scanner stopped, check why
153 | if err := scanner.Err(); err != nil {
154 | log.Error().Err(err).Msg("Error reading from stdin")
155 | return err
156 | }
157 |
158 | log.Info().Msg("EOF reached on stdin, shutting down")
159 | return nil
160 | }
161 |
162 | func (ss *stdioServer) handleRequest(requestBytes []byte) {
163 | var req jsonRpcRequest
164 | if err := json.Unmarshal(requestBytes, &req); err != nil {
165 | ss.sendError(ID{}, 400, fmt.Sprintf("invalid JSON request: %v", err))
166 | return
167 | }
168 | // ID is required - check if it was present in the JSON
169 | if !req.ID.IsSet {
170 | ss.sendError(ID{}, 400, "missing request id")
171 | return
172 | }
173 | if req.Method == "" {
174 | ss.sendError(req.ID, 400, "missing method")
175 | return
176 | }
177 | log.Info().
178 | Str("id", req.ID.String()).
179 | Str("method", req.Method).
180 | Msg("Processing stdio request")
181 | ss.routeRequest(&req)
182 | }
183 |
184 | // routeRequest dispatches the request to the appropriate HTTP handler
185 | // getUserIdParam extracts and validates userId from request params
186 | func (ss *stdioServer) getUserIdParam(req *jsonRpcRequest) (string, bool) {
187 | userId, ok := req.Params["userId"].(string)
188 | if !ok || userId == "" {
189 | ss.sendError(req.ID, 400, "missing or invalid userId parameter")
190 | return "", false
191 | }
192 | return userId, true
193 | }
194 |
195 | func (ss *stdioServer) routeRequest(req *jsonRpcRequest) {
196 | // Map stdio method to HTTP route and method
197 | var httpMethod, httpPath string
198 |
199 | switch req.Method {
200 | case "health":
201 | httpMethod = "GET"
202 | httpPath = "/health"
203 |
204 | // Admin user management
205 | case "admin.users.add":
206 | httpMethod = "POST"
207 | httpPath = "/admin/users"
208 | case "admin.users.list":
209 | httpMethod = "GET"
210 | httpPath = "/admin/users"
211 | case "admin.users.get":
212 | httpMethod = "GET"
213 | userId, ok := ss.getUserIdParam(req)
214 | if !ok {
215 | // Error sent by getUserIdParam.
216 | return
217 | }
218 | httpPath = "/admin/users/" + userId
219 | case "admin.users.delete":
220 | httpMethod = "DELETE"
221 | userId, ok := ss.getUserIdParam(req)
222 | if !ok {
223 | // Error sent by getUserIdParam.
224 | return
225 | }
226 | httpPath = "/admin/users/" + userId
227 | case "admin.users.edit":
228 | httpMethod = "PUT"
229 | userId, ok := ss.getUserIdParam(req)
230 | if !ok {
231 | // Error sent by getUserIdParam.
232 | return
233 | }
234 | httpPath = "/admin/users/" + userId
235 | case "admin.users.delete.full":
236 | httpMethod = "DELETE"
237 | userId, ok := ss.getUserIdParam(req)
238 | if !ok {
239 | // Error sent by getUserIdParam.
240 | return
241 | }
242 | httpPath = "/admin/users/" + userId + "/full"
243 |
244 | // Session management
245 | case "session.connect":
246 | httpMethod = "POST"
247 | httpPath = "/session/connect"
248 | case "session.qr":
249 | httpMethod = "GET"
250 | httpPath = "/session/qr"
251 | case "session.status":
252 | httpMethod = "GET"
253 | httpPath = "/session/status"
254 | case "session.disconnect":
255 | httpMethod = "POST"
256 | httpPath = "/session/disconnect"
257 | case "session.logout":
258 | httpMethod = "POST"
259 | httpPath = "/session/logout"
260 | case "session.pairphone":
261 | httpMethod = "POST"
262 | httpPath = "/session/pairphone"
263 | case "session.history":
264 | httpMethod = "GET"
265 | httpPath = "/session/history"
266 | case "session.history.set":
267 | httpMethod = "POST"
268 | httpPath = "/session/history"
269 | case "session.proxy":
270 | httpMethod = "POST"
271 | httpPath = "/session/proxy"
272 | case "session.hmac.config":
273 | httpMethod = "POST"
274 | httpPath = "/session/hmac/config"
275 | case "session.hmac.config.get":
276 | httpMethod = "GET"
277 | httpPath = "/session/hmac/config"
278 | case "session.hmac.config.delete":
279 | httpMethod = "DELETE"
280 | httpPath = "/session/hmac/config"
281 |
282 | // Messaging
283 | case "chat.send.text":
284 | httpMethod = "POST"
285 | httpPath = "/chat/send/text"
286 | case "chat.send.image":
287 | httpMethod = "POST"
288 | httpPath = "/chat/send/image"
289 | case "chat.send.video":
290 | httpMethod = "POST"
291 | httpPath = "/chat/send/video"
292 | case "chat.send.document":
293 | httpMethod = "POST"
294 | httpPath = "/chat/send/document"
295 | case "chat.send.audio":
296 | httpMethod = "POST"
297 | httpPath = "/chat/send/audio"
298 | case "chat.send.sticker":
299 | httpMethod = "POST"
300 | httpPath = "/chat/send/sticker"
301 | case "chat.send.location":
302 | httpMethod = "POST"
303 | httpPath = "/chat/send/location"
304 | case "chat.send.contact":
305 | httpMethod = "POST"
306 | httpPath = "/chat/send/contact"
307 | case "chat.send.poll":
308 | httpMethod = "POST"
309 | httpPath = "/chat/send/poll"
310 | case "chat.send.buttons":
311 | httpMethod = "POST"
312 | httpPath = "/chat/send/buttons"
313 | case "chat.send.list":
314 | httpMethod = "POST"
315 | httpPath = "/chat/send/list"
316 | case "chat.send.edit":
317 | httpMethod = "POST"
318 | httpPath = "/chat/send/edit"
319 | case "chat.delete":
320 | httpMethod = "POST"
321 | httpPath = "/chat/delete"
322 | case "chat.react":
323 | httpMethod = "POST"
324 | httpPath = "/chat/react"
325 | case "chat.archive":
326 | httpMethod = "POST"
327 | httpPath = "/chat/archive"
328 | case "chat.presence":
329 | httpMethod = "POST"
330 | httpPath = "/chat/presence"
331 | case "chat.markread":
332 | httpMethod = "POST"
333 | httpPath = "/chat/markread"
334 | case "chat.request-unavailable-message":
335 | httpMethod = "POST"
336 | httpPath = "/chat/request-unavailable-message"
337 | case "chat.download.image":
338 | httpMethod = "POST"
339 | httpPath = "/chat/downloadimage"
340 | case "chat.download.video":
341 | httpMethod = "POST"
342 | httpPath = "/chat/downloadvideo"
343 | case "chat.download.audio":
344 | httpMethod = "POST"
345 | httpPath = "/chat/downloadaudio"
346 | case "chat.download.document":
347 | httpMethod = "POST"
348 | httpPath = "/chat/downloaddocument"
349 | case "chat.history":
350 | httpMethod = "GET"
351 | chatJID, ok := req.Params["chat_jid"].(string)
352 | if !ok || chatJID == "" {
353 | ss.sendError(req.ID, 400, "missing or invalid chat_jid parameter")
354 | return
355 | }
356 | httpPath = "/chat/history?chat_jid=" + chatJID
357 | // Add optional limit parameter
358 | if limit, ok := req.Params["limit"].(float64); ok {
359 | httpPath += fmt.Sprintf("&limit=%d", int(limit))
360 | }
361 |
362 | // User info
363 | case "user.contacts":
364 | httpMethod = "GET"
365 | httpPath = "/user/contacts"
366 | case "user.presence":
367 | httpMethod = "POST"
368 | httpPath = "/user/presence"
369 | case "user.info":
370 | httpMethod = "POST"
371 | httpPath = "/user/info"
372 | case "user.check":
373 | httpMethod = "POST"
374 | httpPath = "/user/check"
375 | case "user.avatar":
376 | httpMethod = "POST"
377 | httpPath = "/user/avatar"
378 | case "user.lid":
379 | httpMethod = "GET"
380 | jid, ok := req.Params["jid"].(string)
381 | if !ok || jid == "" {
382 | ss.sendError(req.ID, 400, "missing or invalid jid parameter")
383 | return
384 | }
385 | httpPath = "/user/lid/" + jid
386 |
387 | // Status
388 | case "status.set.text":
389 | httpMethod = "POST"
390 | httpPath = "/status/set/text"
391 |
392 | // Calls
393 | case "call.reject":
394 | httpMethod = "POST"
395 | httpPath = "/call/reject"
396 |
397 | // Group management
398 | case "group.list":
399 | httpMethod = "GET"
400 | httpPath = "/group/list"
401 | case "group.create":
402 | httpMethod = "POST"
403 | httpPath = "/group/create"
404 | case "group.info":
405 | httpMethod = "GET"
406 | httpPath = "/group/info"
407 | case "group.invitelink":
408 | httpMethod = "GET"
409 | httpPath = "/group/invitelink"
410 | case "group.photo":
411 | httpMethod = "POST"
412 | httpPath = "/group/photo"
413 | case "group.photo.remove":
414 | httpMethod = "POST"
415 | httpPath = "/group/photo/remove"
416 | case "group.leave":
417 | httpMethod = "POST"
418 | httpPath = "/group/leave"
419 | case "group.name":
420 | httpMethod = "POST"
421 | httpPath = "/group/name"
422 | case "group.topic":
423 | httpMethod = "POST"
424 | httpPath = "/group/topic"
425 | case "group.announce":
426 | httpMethod = "POST"
427 | httpPath = "/group/announce"
428 | case "group.locked":
429 | httpMethod = "POST"
430 | httpPath = "/group/locked"
431 | case "group.ephemeral":
432 | httpMethod = "POST"
433 | httpPath = "/group/ephemeral"
434 | case "group.join":
435 | httpMethod = "POST"
436 | httpPath = "/group/join"
437 | case "group.inviteinfo":
438 | httpMethod = "POST"
439 | httpPath = "/group/inviteinfo"
440 | case "group.updateparticipants":
441 | httpMethod = "POST"
442 | httpPath = "/group/updateparticipants"
443 |
444 | // Newsletter
445 | case "newsletter.list":
446 | httpMethod = "GET"
447 | httpPath = "/newsletter/list"
448 |
449 | // Webhook management
450 | case "webhook.get":
451 | httpMethod = "GET"
452 | httpPath = "/webhook"
453 | case "webhook.set":
454 | httpMethod = "POST"
455 | httpPath = "/webhook"
456 | case "webhook.update":
457 | httpMethod = "PUT"
458 | httpPath = "/webhook"
459 | case "webhook.delete":
460 | httpMethod = "DELETE"
461 | httpPath = "/webhook"
462 |
463 | default:
464 | ss.sendError(req.ID, 404, fmt.Sprintf("unknown method: %s", req.Method))
465 | return
466 | }
467 | ss.executeHTTPHandler(req, httpMethod, httpPath)
468 | }
469 |
470 | // executeHTTPHandler wraps the existing HTTP handler and adapts it for stdio
471 | func (ss *stdioServer) executeHTTPHandler(req *jsonRpcRequest, httpMethod, httpPath string) {
472 | // Create a mock HTTP request
473 | var body io.Reader
474 | if req.Params != nil && len(req.Params) > 0 {
475 | jsonParams, err := json.Marshal(req.Params)
476 | if err != nil {
477 | ss.sendError(req.ID, 400, fmt.Sprintf("invalid params: %v", err))
478 | return
479 | }
480 | body = bytes.NewReader(jsonParams)
481 | }
482 |
483 | httpReq := httptest.NewRequest(httpMethod, httpPath, body)
484 | httpReq.Header.Set("Content-Type", "application/json")
485 |
486 | // Set user token header (for user authentication)
487 | if token, ok := req.Params["token"].(string); ok {
488 | httpReq.Header.Set("token", token)
489 | }
490 | // Set admin token header (for admin authentication)
491 | if adminToken, ok := req.Params["adminToken"].(string); ok {
492 | httpReq.Header.Set("Authorization", adminToken)
493 | }
494 |
495 | recorder := httptest.NewRecorder()
496 | ss.server.router.ServeHTTP(recorder, httpReq)
497 | ss.convertHTTPResponse(req.ID, recorder)
498 | }
499 |
500 | // convertHTTPResponse converts an HTTP response to a stdio response
501 | func (ss *stdioServer) convertHTTPResponse(requestID ID, recorder *httptest.ResponseRecorder) {
502 | statusCode := recorder.Code
503 | responseBody := recorder.Body.Bytes()
504 |
505 | var responseData interface{}
506 | if len(responseBody) > 0 {
507 | if err := json.Unmarshal(responseBody, &responseData); err != nil {
508 | // If it's not JSON, just use the raw string
509 | responseData = string(responseBody)
510 | }
511 | }
512 |
513 | success := statusCode >= 200 && statusCode < 300
514 |
515 | if respMap, ok := responseData.(map[string]interface{}); ok {
516 | // If it's already in wuzapi format, extract the data/error
517 | if data, hasData := respMap["data"]; hasData {
518 | ss.sendSuccess(requestID, statusCode, data)
519 | return
520 | }
521 | if errMsg, hasError := respMap["error"]; hasError {
522 | if errStr, ok := errMsg.(string); ok {
523 | ss.sendError(requestID, statusCode, errStr)
524 | return
525 | }
526 | }
527 | ss.sendSuccess(requestID, statusCode, respMap)
528 | return
529 | }
530 |
531 | // For non-JSON or simple responses
532 | if success {
533 | ss.sendSuccess(requestID, statusCode, responseData)
534 | } else {
535 | errorMsg := "request failed"
536 | if str, ok := responseData.(string); ok && str != "" {
537 | errorMsg = str
538 | }
539 | ss.sendError(requestID, statusCode, errorMsg)
540 | }
541 | }
542 |
543 | func (ss *stdioServer) sendSuccess(id ID, code int, data interface{}) {
544 | response := jsonRpcResponse{
545 | JSONRPC: "2.0",
546 | ID: id,
547 | Result: &jsonResult{Value: data},
548 | }
549 | ss.writeResponse(response)
550 | }
551 |
552 | func (ss *stdioServer) sendError(id ID, code int, errorMsg string) {
553 | response := jsonRpcResponse{
554 | JSONRPC: "2.0",
555 | ID: id,
556 | Error: &rpcError{
557 | Code: code,
558 | Message: errorMsg,
559 | },
560 | }
561 | ss.writeResponse(response)
562 | }
563 |
564 | func (ss *stdioServer) writeResponse(response jsonRpcResponse) {
565 | // Marshalled response as single line
566 | responseBytes, err := json.Marshal(response)
567 | if err != nil {
568 | log.Error().Err(err).Msg("Failed to marshal response")
569 | fallback := jsonRpcResponse{
570 | JSONRPC: "2.0",
571 | ID: response.ID,
572 | Error: &rpcError{
573 | Code: -32603,
574 | Message: "Internal error: failed to marshal response",
575 | },
576 | }
577 | responseBytes, err = json.Marshal(fallback)
578 | if err != nil {
579 | log.Error().Err(err).Msg("Failed to marshal fallback response")
580 | return
581 | }
582 | }
583 |
584 | // Write to stdout with newline
585 | fmt.Fprintf(ss.stdout, "%s\n", string(responseBytes))
586 |
587 | // Log with appropriate fields based on response type
588 | logEvent := log.Debug().Str("id", response.ID.String())
589 | if response.Error != nil {
590 | logEvent.Bool("success", false).Int("code", response.Error.Code).Str("error", response.Error.Message)
591 | } else {
592 | logEvent.Bool("success", true)
593 | }
594 | logEvent.Msg("Sent stdio response")
595 | }
596 |
597 | // jsonRpcNotification represents a one-way notification (no id, no response expected)
598 | // Follows JSON-RPC 2.0 specification
599 | type jsonRpcNotification struct {
600 | JSONRPC string `json:"jsonrpc"`
601 | Method string `json:"method"`
602 | Params map[string]interface{} `json:"params,omitempty"`
603 | }
604 |
605 | // SendNotification sends a JSON-RPC notification to stdout (webhooks in stdio mode)
606 | // This is thread-safe - os.Stdout writes are atomic at the OS level
607 | func (s *server) SendNotification(method string, params map[string]interface{}) {
608 | if s.mode != Stdio {
609 | return
610 | }
611 |
612 | notification := jsonRpcNotification{
613 | JSONRPC: "2.0",
614 | Method: method,
615 | Params: params,
616 | }
617 |
618 | notificationBytes, err := json.Marshal(notification)
619 | if err != nil {
620 | log.Error().Err(err).Msg("Failed to marshal notification")
621 | return
622 | }
623 |
624 | fmt.Fprintf(os.Stdout, "%s\n", string(notificationBytes))
625 |
626 | log.Debug().
627 | Str("method", method).
628 | Msg("Sent stdio notification")
629 | }
630 |
--------------------------------------------------------------------------------
/static/index.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
19 | WUZAPI is an implementation of the whatsmeow library as a simple RESTful API service, with support for multiple devices and concurrent sessions.
46 | 51 |WUZAPI offers a complete API to interact with WhatsApp efficiently without using heavy resources like Puppeteer or Android emulators.
64 |Direct communication with WhatsApp servers via websocket, resulting in lower memory and CPU usage.
72 |Support for multiple devices and users simultaneously on the same instance.
79 |Send text, images, audio, documents, videos, stickers, location, and contacts.
86 |Configure webhooks to receive real-time notifications of events and messages.
93 |Check if phone numbers have WhatsApp and get profile information.
100 |Token system for easy and secure user authentication.
107 |WUZAPI offers several endpoints to interact with WhatsApp, organized into functional categories.
117 |See how easy it is to use the WUZAPI API to interact with WhatsApp.
198 |Using this software in violation of WhatsApp's Terms of Service may result in your number being banned. Be very careful, do not use it for SPAM or anything similar. Use at your own risk. If you need to develop something with commercial interest, contact a global WhatsApp solution provider and sign up for the WhatsApp Business API service.
226 |Instructions to start using WUZAPI quickly.
233 |To run WUZAPI, you need:
239 |Compile the project with the following command:
249 |go build .251 |
WuzAPI uses a .env file for configuration. Here are the required settings:
257 |WUZAPI_ADMIN_TOKEN=your_admin_token_here 260 | USER=wuzapi 261 | PASSWORD=wuzapi 262 | NAME=wuzapi 263 | HOST=localhost 264 | PORT=5432 265 | America/New_York266 |
WUZAPI_ADMIN_TOKEN=your_admin_token_here 270 | TZ=America/New_York271 |
By default, the service will start on port 8080. You can change the behavior with the following parameters:
277 |-address: defines the IP address to bind the server (default 0.0.0.0)-port: defines the port number (default 8080)-logtype: format for logs, console (default) or json-wadebug: enables whatsmeow debug, INFO or DEBUG levels are supported-sslcertificate: SSL Certificate File-sslprivatekey: SSL Private Key File-skipmedia: Do not automatically download media from received messages-osname: Connection OSName in Whatsapp (default "Mac OS 10")-admintoken: Security Token to authorize admin actions (list/create/remove users)./wuzapi -logtype json291 |
To open sessions, you first need to create a user and define an authentication token for it. You can do this login into the Dashboard, or using the API directly:
297 |curl -X POST http://localhost:8080/admin/users \
299 | -H "Authorization: $WUZAPI_ADMIN_TOKEN" \
300 | -H "Content-Type: application/json" \
301 | -d '{"name": "John", "token": "Z1234ABCCXD"}'
302 | Once users are created, you can communicate with the API by passing the Token header as a simple authentication method. You can have multiple users (different numbers) on the same server. For every user you will need to Connect to whatsapp and then either scan a QR Code or Pair via phone number.
304 |The daemon also serves some static web files, useful for development/testing that you can load with your browser:
309 |If you like WUZAPI and want to help keep the project active and in development, consider making a donation. Your support is very important!
325 |
330 | Scan the QR code above with your banking app or digital wallet.
331 |Or make a donation via PayPal:
339 | 340 |
341 |
342 |