fix(api): add support for WhatsApp Business tokens exceeding 255 characters

oriondesign2015 · oriondesign2015 · commit 9699eed9a238 · 2025-12-11T23:53:52.000-03:00
- Add string truncation validation to prevent database column size errors
- Implement full token cache system for WhatsApp Business instances
- Auto-save full token to cache on authentication requests
- Update instance in memory with full token when detected
- Add token full length support in monitor service
- Adjust token comparison in auth guard and websocket controller
- Fix duplicate token check for full length tokens

This fixes the issue where WhatsApp Business API tokens (&gt;255 chars) were
truncated in the database, causing authentication failures and API errors.
The solution uses a hybrid cache system to store full tokens while keeping
the database compatible with the 255 char limit.
diff --git a/src/api/controllers/instance.controller.ts b/src/api/controllers/instance.controller.ts
@@ -72,14 +72,26 @@ export class InstanceController {
         status: instanceData.status,
       });
 
-      instance.setInstance({
-        instanceName: instanceData.instanceName,
-        instanceId,
-        integration: instanceData.integration,
-        token: hash,
-        number: instanceData.number,
-        businessId: instanceData.businessId,
-      });
+      // Para WhatsApp Business, setInstance é async e precisa ser aguardado
+      if (instanceData.integration === Integration.WHATSAPP_BUSINESS) {
+        await (instance as any).setInstance({
+          instanceName: instanceData.instanceName,
+          instanceId,
+          integration: instanceData.integration,
+          token: instanceData.token || hash, // Usa o token original completo
+          number: instanceData.number,
+          businessId: instanceData.businessId,
+        });
+      } else {
+        instance.setInstance({
+          instanceName: instanceData.instanceName,
+          instanceId,
+          integration: instanceData.integration,
+          token: hash,
+          number: instanceData.number,
+          businessId: instanceData.businessId,
+        });
+      }
 
       this.waMonitor.waInstances[instance.instanceName] = instance;
       this.waMonitor.delInstanceTime(instance.instanceName);
diff --git a/src/api/guards/auth.guard.ts b/src/api/guards/auth.guard.ts
@@ -1,5 +1,6 @@
 import { InstanceDto } from '@api/dto/instance.dto';
-import { prismaRepository } from '@api/server.module';
+import { cache, prismaRepository, waMonitor } from '@api/server.module';
+import { Integration } from '@api/types/wa.types';
 import { Auth, configService, Database } from '@config/env.config';
 import { Logger } from '@config/logger.config';
 import { ForbiddenException, UnauthorizedException } from '@exceptions';
@@ -30,15 +31,69 @@ async function apikey(req: Request, _: Response, next: NextFunction) {
       const instance = await prismaRepository.instance.findUnique({
         where: { name: param.instanceName },
       });
-      if (instance.token === key) {
+      const keyToCompare = key.length > 255 ? key.substring(0, 255) : key;
+      if (instance.token === keyToCompare) {
+        // Se o token fornecido é maior que 255 e a instância é WhatsApp Business, salva no cache
+        if (key.length > 255 && instance.integration === Integration.WHATSAPP_BUSINESS) {
+          const cacheKey = `instance:${param.instanceName}:fullToken`;
+          await cache.set(cacheKey, key, 0);
+          logger.log(`Stored full token in cache for ${param.instanceName} from request`);
+
+          // Atualiza a instância em memória se existir
+          if (waMonitor.waInstances[param.instanceName]) {
+            const waInstance = waMonitor.waInstances[param.instanceName];
+            if (waInstance && typeof (waInstance as any).setInstance === 'function') {
+              try {
+                await (waInstance as any).setInstance({
+                  instanceName: param.instanceName,
+                  instanceId: instance.id,
+                  integration: instance.integration,
+                  token: key,
+                  number: instance.number,
+                  businessId: instance.businessId,
+                });
+                logger.log(`Updated full token in memory for ${param.instanceName}`);
+              } catch (error) {
+                logger.error(`Error updating token in memory: ${error}`);
+              }
+            }
+          }
+        }
         return next();
       }
     } else {
       if (req.originalUrl.includes('/instance/fetchInstances') && db.SAVE_DATA.INSTANCE) {
+        const keyToCompare = key.length > 255 ? key.substring(0, 255) : key;
         const instanceByKey = await prismaRepository.instance.findFirst({
-          where: { token: key },
+          where: { token: keyToCompare },
         });
         if (instanceByKey) {
+          // Se o token fornecido é maior que 255 e a instância é WhatsApp Business, salva no cache
+          if (key.length > 255 && instanceByKey.integration === Integration.WHATSAPP_BUSINESS) {
+            const cacheKey = `instance:${instanceByKey.name}:fullToken`;
+            await cache.set(cacheKey, key, 0);
+            logger.log(`Stored full token in cache for ${instanceByKey.name} from request`);
+
+            // Atualiza a instância em memória se existir
+            if (waMonitor.waInstances[instanceByKey.name]) {
+              const waInstance = waMonitor.waInstances[instanceByKey.name];
+              if (waInstance && typeof (waInstance as any).setInstance === 'function') {
+                try {
+                  await (waInstance as any).setInstance({
+                    instanceName: instanceByKey.name,
+                    instanceId: instanceByKey.id,
+                    integration: instanceByKey.integration,
+                    token: key,
+                    number: instanceByKey.number,
+                    businessId: instanceByKey.businessId,
+                  });
+                  logger.log(`Updated full token in memory for ${instanceByKey.name}`);
+                } catch (error) {
+                  logger.error(`Error updating token in memory: ${error}`);
+                }
+              }
+            }
+          }
           return next();
         }
       }
diff --git a/src/api/integrations/channel/meta/whatsapp.business.service.ts b/src/api/integrations/channel/meta/whatsapp.business.service.ts
@@ -45,11 +45,41 @@ export class BusinessStartupService extends ChannelStartupService {
     super(configService, eventEmitter, prismaRepository, chatwootCache);
   }
 
+  private fullToken: string | null = null;
+
   public stateConnection: wa.StateConnection = { state: 'open' };
 
   public phoneNumber: string;
   public mobile: boolean;
 
+  // Override token getter para retornar token completo se disponível
+  public get token(): string {
+    return this.fullToken || this.instance.token || '';
+  }
+
+  // Override setInstance para armazenar/carregar token completo
+  public async setInstance(instance: any) {
+    super.setInstance(instance);
+
+    // Se o token fornecido é maior que 255, é o token completo - armazena imediatamente
+    if (instance.token && instance.token.length > 255) {
+      this.fullToken = instance.token;
+      const cacheKey = `instance:${instance.instanceName}:fullToken`;
+      await this.cache.set(cacheKey, instance.token, 0);
+      this.logger.log(`Stored full token in cache for ${instance.instanceName}`);
+    } else {
+      // Tenta carregar token completo do cache
+      const cacheKey = `instance:${instance.instanceName}:fullToken`;
+      const fullToken = await this.cache.get(cacheKey);
+      if (fullToken) {
+        this.fullToken = fullToken;
+        this.logger.log(`Loaded full token from cache for ${instance.instanceName}`);
+      } else {
+        this.logger.warn(`Full token not found in cache for ${instance.instanceName}, using truncated token`);
+      }
+    }
+  }
+
   public get connectionStatus() {
     return this.stateConnection;
   }
diff --git a/src/api/integrations/event/websocket/websocket.controller.ts b/src/api/integrations/event/websocket/websocket.controller.ts
@@ -52,7 +52,8 @@ export class WebsocketController extends EventController implements EventControl
             return callback('apiKey is required', false);
           }
 
-          const instance = await this.prismaRepository.instance.findFirst({ where: { token: apiKey } });
+          const keyToCompare = apiKey.length > 255 ? apiKey.substring(0, 255) : apiKey;
+          const instance = await this.prismaRepository.instance.findFirst({ where: { token: keyToCompare } });
 
           if (!instance) {
             const globalToken = configService.get<Auth>('AUTHENTICATION').API_KEY.KEY;
diff --git a/src/api/services/auth.service.ts b/src/api/services/auth.service.ts
@@ -9,8 +9,10 @@ export class AuthService {
       return true;
     }
 
+    // Compara apenas os primeiros 255 caracteres para verificar duplicatas
+    const tokenToCompare = token.length > 255 ? token.substring(0, 255) : token;
     const instances = await this.prismaRepository.instance.findMany({
-      where: { token },
+      where: { token: tokenToCompare },
     });
 
     if (instances.length > 0) {
diff --git a/src/api/services/channel.service.ts b/src/api/services/channel.service.ts
@@ -157,41 +157,49 @@ export class ChannelStartupService {
   }
 
   public async setSettings(data: SettingsDto) {
+    const truncate = (str: string | null | undefined, maxLength: number): string | null => {
+      if (!str) return null;
+      return str.length > maxLength ? str.substring(0, maxLength) : str;
+    };
+
+    const msgCall = truncate(data.msgCall, 100);
+    const wavoipToken = truncate(data.wavoipToken, 100);
+
     await this.prismaRepository.setting.upsert({
       where: {
         instanceId: this.instanceId,
       },
       update: {
         rejectCall: data.rejectCall,
-        msgCall: data.msgCall,
+        msgCall: msgCall,
         groupsIgnore: data.groupsIgnore,
         alwaysOnline: data.alwaysOnline,
         readMessages: data.readMessages,
         readStatus: data.readStatus,
         syncFullHistory: data.syncFullHistory,
-        wavoipToken: data.wavoipToken,
+        wavoipToken: wavoipToken,
       },
       create: {
         rejectCall: data.rejectCall,
-        msgCall: data.msgCall,
+        msgCall: msgCall,
         groupsIgnore: data.groupsIgnore,
         alwaysOnline: data.alwaysOnline,
         readMessages: data.readMessages,
         readStatus: data.readStatus,
         syncFullHistory: data.syncFullHistory,
-        wavoipToken: data.wavoipToken,
+        wavoipToken: wavoipToken,
         instanceId: this.instanceId,
       },
     });
 
     this.localSettings.rejectCall = data?.rejectCall;
-    this.localSettings.msgCall = data?.msgCall;
+    this.localSettings.msgCall = msgCall;
     this.localSettings.groupsIgnore = data?.groupsIgnore;
     this.localSettings.alwaysOnline = data?.alwaysOnline;
     this.localSettings.readMessages = data?.readMessages;
     this.localSettings.readStatus = data?.readStatus;
     this.localSettings.syncFullHistory = data?.syncFullHistory;
-    this.localSettings.wavoipToken = data?.wavoipToken;
+    this.localSettings.wavoipToken = wavoipToken;
 
     if (this.localSettings.wavoipToken && this.localSettings.wavoipToken.length > 0) {
       this.client.ws.close();
diff --git a/src/api/services/monitor.service.ts b/src/api/services/monitor.service.ts
@@ -239,26 +239,37 @@ export class WAMonitoringService {
   }
 
   public async saveInstance(data: any) {
+    const truncate = (str: string | null | undefined, maxLength: number): string | null => {
+      if (!str) return null;
+      return str.length > maxLength ? str.substring(0, maxLength) : str;
+    };
+
     try {
-      const clientName = await this.configService.get<Database>('DATABASE').CONNECTION.CLIENT_NAME;
+      const instanceName = truncate(data.instanceName, 255);
+      if (!instanceName || instanceName.trim().length === 0) {
+        throw new Error('instanceName is required and cannot be empty');
+      }
+
+      const clientName = this.configService.get<Database>('DATABASE').CONNECTION.CLIENT_NAME;
       await this.prismaRepository.instance.create({
         data: {
           id: data.instanceId,
-          name: data.instanceName,
-          ownerJid: data.ownerJid,
-          profileName: data.profileName,
-          profilePicUrl: data.profilePicUrl,
+          name: instanceName,
+          ownerJid: truncate(data.ownerJid, 100),
+          profileName: truncate(data.profileName, 100),
+          profilePicUrl: truncate(data.profilePicUrl, 500),
           connectionStatus:
             data.integration && data.integration === Integration.WHATSAPP_BAILEYS ? 'close' : (data.status ?? 'open'),
-          number: data.number,
-          integration: data.integration || Integration.WHATSAPP_BAILEYS,
-          token: data.hash,
-          clientName: clientName,
-          businessId: data.businessId,
+          number: truncate(data.number, 100),
+          integration: truncate(data.integration || Integration.WHATSAPP_BAILEYS, 100),
+          token: truncate(data.hash, 255),
+          clientName: truncate(clientName, 100),
+          businessId: truncate(data.businessId, 100),
         },
       });
     } catch (error) {
       this.logger.error(error);
+      throw error;
     }
   }
 
@@ -283,15 +294,31 @@ export class WAMonitoringService {
 
     if (!instance) return;
 
-    instance.setInstance({
-      instanceId: instanceData.instanceId,
-      instanceName: instanceData.instanceName,
-      integration: instanceData.integration,
-      token: instanceData.token,
-      number: instanceData.number,
-      businessId: instanceData.businessId,
-      ownerJid: instanceData.ownerJid,
-    });
+    // Para WhatsApp Business, setInstance é async e precisa ser aguardado
+    if (instanceData.integration === Integration.WHATSAPP_BUSINESS) {
+      const setInstanceResult = (instance as any).setInstance({
+        instanceId: instanceData.instanceId,
+        instanceName: instanceData.instanceName,
+        integration: instanceData.integration,
+        token: instanceData.token,
+        number: instanceData.number,
+        businessId: instanceData.businessId,
+        ownerJid: instanceData.ownerJid,
+      });
+      if (setInstanceResult instanceof Promise) {
+        await setInstanceResult;
+      }
+    } else {
+      instance.setInstance({
+        instanceId: instanceData.instanceId,
+        instanceName: instanceData.instanceName,
+        integration: instanceData.integration,
+        token: instanceData.token,
+        number: instanceData.number,
+        businessId: instanceData.businessId,
+        ownerJid: instanceData.ownerJid,
+      });
+    }
 
     if (instanceData.connectionStatus === 'open' || instanceData.connectionStatus === 'connecting') {
       this.logger.info(
@@ -321,11 +348,21 @@ export class WAMonitoringService {
             return;
           }
 
+          // Para WhatsApp Business, tenta carregar token completo do cache
+          let token = instanceData.token;
+          if (instanceData.integration === Integration.WHATSAPP_BUSINESS) {
+            const cacheKey = `instance:${instanceData.name}:fullToken`;
+            const fullToken = await this.cache.get(cacheKey);
+            if (fullToken) {
+              token = fullToken;
+            }
+          }
+
           const instance = {
             instanceId: k.split(':')[1],
             instanceName: k.split(':')[2],
             integration: instanceData.integration,
-            token: instanceData.token,
+            token: token,
             number: instanceData.number,
             businessId: instanceData.businessId,
             connectionStatus: instanceData.connectionStatus as any, // Pass connection status
@@ -350,11 +387,21 @@ export class WAMonitoringService {
 
     await Promise.all(
       instances.map(async (instance) => {
+        // Para WhatsApp Business, tenta carregar token completo do cache
+        let token = instance.token;
+        if (instance.integration === Integration.WHATSAPP_BUSINESS) {
+          const cacheKey = `instance:${instance.name}:fullToken`;
+          const fullToken = await this.cache.get(cacheKey);
+          if (fullToken) {
+            token = fullToken;
+          }
+        }
+
         this.setInstance({
           instanceId: instance.id,
           instanceName: instance.name,
           integration: instance.integration,
-          token: instance.token,
+          token: token,
           number: instance.number,
           businessId: instance.businessId,
           ownerJid: instance.ownerJid,
@@ -377,11 +424,21 @@ export class WAMonitoringService {
           where: { id: instanceId },
         });
 
+        // Para WhatsApp Business, tenta carregar token completo do cache
+        let token = instance.token;
+        if (instance.integration === Integration.WHATSAPP_BUSINESS) {
+          const cacheKey = `instance:${instance.name}:fullToken`;
+          const fullToken = await this.cache.get(cacheKey);
+          if (fullToken) {
+            token = fullToken;
+          }
+        }
+
         this.setInstance({
           instanceId: instance.id,
           instanceName: instance.name,
           integration: instance.integration,
-          token: instance.token,
+          token: token,
           businessId: instance.businessId,
           connectionStatus: instance.connectionStatus as any, // Pass connection status
         });

Original file line number	Diff line number	Diff line change
`@@ -52,7 +52,8 @@ export class WebsocketController extends EventController implements EventControl`
`52`	`52`	`return callback('apiKey is required', false);`
`53`	`53`	`}`
`54`	`54`
`55`		`- const instance = await this.prismaRepository.instance.findFirst({ where: { token: apiKey } });`
	`55`	`+ const keyToCompare = apiKey.length > 255 ? apiKey.substring(0, 255) : apiKey;`
	`56`	`+ const instance = await this.prismaRepository.instance.findFirst({ where: { token: keyToCompare } });`
`56`	`57`
`57`	`58`	`if (!instance) {`
`58`	`59`	`const globalToken = configService.get<Auth>('AUTHENTICATION').API_KEY.KEY;`