// Copyright (c) 2024 Tulir Asokan
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
package whatsmeow
import (
"bytes"
"context"
"crypto/hmac"
"crypto/sha256"
"encoding/base64"
"encoding/json"
"fmt"
"io"
"net/http"
"net/url"
"os"
"go.mau.fi/util/random"
"go.mau.fi/whatsmeow/socket"
"go.mau.fi/whatsmeow/util/cbcutil"
)
// UploadResponse contains the data from the attachment upload, which can be put into a message to send the attachment.
type UploadResponse struct {
URL string `json:"url"`
DirectPath string `json:"direct_path"`
Handle string `json:"handle"`
ObjectID string `json:"object_id"`
MediaKey []byte `json:"-"`
FileEncSHA256 []byte `json:"-"`
FileSHA256 []byte `json:"-"`
FileLength uint64 `json:"-"`
}
// Upload uploads the given attachment to WhatsApp servers.
//
// You should copy the fields in the response to the corresponding fields in a protobuf message.
//
// For example, to send an image:
//
// resp, err := cli.Upload(context.Background(), yourImageBytes, whatsmeow.MediaImage)
// // handle error
//
// imageMsg := &waE2E.ImageMessage{
// Caption: proto.String("Hello, world!"),
// Mimetype: proto.String("image/png"), // replace this with the actual mime type
// // you can also optionally add other fields like ContextInfo and JpegThumbnail here
//
// URL: &resp.URL,
// DirectPath: &resp.DirectPath,
// MediaKey: resp.MediaKey,
// FileEncSHA256: resp.FileEncSHA256,
// FileSHA256: resp.FileSHA256,
// FileLength: &resp.FileLength,
// }
// _, err = cli.SendMessage(context.Background(), targetJID, &waE2E.Message{
// ImageMessage: imageMsg,
// })
// // handle error again
//
// The same applies to the other message types like DocumentMessage, just replace the struct type and Message field name.
func (cli *Client) Upload(ctx context.Context, plaintext []byte, appInfo MediaType) (resp UploadResponse, err error) {
resp.FileLength = uint64(len(plaintext))
resp.MediaKey = random.Bytes(32)
plaintextSHA256 := sha256.Sum256(plaintext)
resp.FileSHA256 = plaintextSHA256[:]
iv, cipherKey, macKey, _ := getMediaKeys(resp.MediaKey, appInfo)
var ciphertext []byte
ciphertext, err = cbcutil.Encrypt(cipherKey, iv, plaintext)
if err != nil {
err = fmt.Errorf("failed to encrypt file: %w", err)
return
}
h := hmac.New(sha256.New, macKey)
h.Write(iv)
h.Write(ciphertext)
dataToUpload := append(ciphertext, h.Sum(nil)[:10]...)
dataHash := sha256.Sum256(dataToUpload)
resp.FileEncSHA256 = dataHash[:]
err = cli.rawUpload(ctx, bytes.NewReader(dataToUpload), resp.FileEncSHA256, appInfo, false, &resp)
return
}
// UploadReader uploads the given attachment to WhatsApp servers.
//
// This is otherwise identical to [Upload], but it reads the plaintext from an [io.Reader] instead of a byte slice.
// A temporary file is required for the encryption process. If tempFile is nil, a temporary file will be created
// and deleted after the upload.
func (cli *Client) UploadReader(ctx context.Context, plaintext io.Reader, tempFile io.ReadWriteSeeker, appInfo MediaType) (resp UploadResponse, err error) {
resp.MediaKey = random.Bytes(32)
iv, cipherKey, macKey, _ := getMediaKeys(resp.MediaKey, appInfo)
if tempFile == nil {
tempFile, err = os.CreateTemp("", "whatsmeow-upload-*")
if err != nil {
err = fmt.Errorf("failed to create temporary file: %w", err)
return
}
defer func() {
tempFileFile := tempFile.(*os.File)
_ = tempFileFile.Close()
_ = os.Remove(tempFileFile.Name())
}()
}
resp.FileSHA256, resp.FileEncSHA256, resp.FileLength, err = cbcutil.EncryptStream(cipherKey, iv, macKey, plaintext, tempFile)
if err != nil {
err = fmt.Errorf("failed to encrypt file: %w", err)
return
}
_, err = tempFile.Seek(0, io.SeekStart)
if err != nil {
err = fmt.Errorf("failed to seek to start of temporary file: %w", err)
return
}
err = cli.rawUpload(ctx, tempFile, resp.FileEncSHA256, appInfo, false, &resp)
return
}
// UploadNewsletter uploads the given attachment to WhatsApp servers without encrypting it first.
//
// Newsletter media works mostly the same way as normal media, with a few differences:
// * Since it's unencrypted, there's no MediaKey or FileEncSHA256 fields.
// * There's a "media handle" that needs to be passed in SendRequestExtra.
//
// Example:
//
// resp, err := cli.UploadNewsletter(context.Background(), yourImageBytes, whatsmeow.MediaImage)
// // handle error
//
// imageMsg := &waE2E.ImageMessage{
// // Caption, mime type and other such fields work like normal
// Caption: proto.String("Hello, world!"),
// Mimetype: proto.String("image/png"),
//
// // URL and direct path are also there like normal media
// URL: &resp.URL,
// DirectPath: &resp.DirectPath,
// FileSHA256: resp.FileSHA256,
// FileLength: &resp.FileLength,
// // Newsletter media isn't encrypted, so the media key and file enc sha fields are not applicable
// }
// _, err = cli.SendMessage(context.Background(), newsletterJID, &waE2E.Message{
// ImageMessage: imageMsg,
// }, whatsmeow.SendRequestExtra{
// // Unlike normal media, newsletters also include a "media handle" in the send request.
// MediaHandle: resp.Handle,
// })
// // handle error again
func (cli *Client) UploadNewsletter(ctx context.Context, data []byte, appInfo MediaType) (resp UploadResponse, err error) {
resp.FileLength = uint64(len(data))
hash := sha256.Sum256(data)
resp.FileSHA256 = hash[:]
err = cli.rawUpload(ctx, bytes.NewReader(data), resp.FileSHA256, appInfo, true, &resp)
return
}
// UploadNewsletterReader uploads the given attachment to WhatsApp servers without encrypting it first.
//
// This is otherwise identical to [UploadNewsletter], but it reads the plaintext from an [io.Reader] instead of a byte slice.
// Unlike [UploadReader], this does not require a temporary file. However, the data needs to be hashed first,
// so an [io.ReadSeeker] is required to be able to read the data twice.
func (cli *Client) UploadNewsletterReader(ctx context.Context, data io.ReadSeeker, appInfo MediaType) (resp UploadResponse, err error) {
hasher := sha256.New()
var fileLength int64
fileLength, err = io.Copy(hasher, data)
resp.FileLength = uint64(fileLength)
resp.FileSHA256 = hasher.Sum(nil)
_, err = data.Seek(0, io.SeekStart)
if err != nil {
err = fmt.Errorf("failed to seek to start of data: %w", err)
return
}
err = cli.rawUpload(ctx, data, resp.FileSHA256, appInfo, true, &resp)
return
}
func (cli *Client) rawUpload(ctx context.Context, dataToUpload io.Reader, fileHash []byte, appInfo MediaType, newsletter bool, resp *UploadResponse) error {
mediaConn, err := cli.refreshMediaConn(false)
if err != nil {
return fmt.Errorf("failed to refresh media connections: %w", err)
}
token := base64.URLEncoding.EncodeToString(fileHash)
q := url.Values{
"auth": []string{mediaConn.Auth},
"token": []string{token},
}
mmsType := mediaTypeToMMSType[appInfo]
uploadPrefix := "mms"
if cli.MessengerConfig != nil {
uploadPrefix = "wa-msgr/mms"
// Messenger upload only allows voice messages, not audio files
if mmsType == "audio" {
mmsType = "ptt"
}
}
if newsletter {
mmsType = fmt.Sprintf("newsletter-%s", mmsType)
uploadPrefix = "newsletter"
}
var host string
// Hacky hack to prefer last option (rupload.facebook.com) for messenger uploads.
// For some reason, the primary host doesn't work, even though it has the <upload/> tag.
if cli.MessengerConfig != nil {
host = mediaConn.Hosts[len(mediaConn.Hosts)-1].Hostname
} else {
host = mediaConn.Hosts[0].Hostname
}
uploadURL := url.URL{
Scheme: "https",
Host: host,
Path: fmt.Sprintf("/%s/%s/%s", uploadPrefix, mmsType, token),
RawQuery: q.Encode(),
}
req, err := http.NewRequestWithContext(ctx, http.MethodPost, uploadURL.String(), dataToUpload)
if err != nil {
return fmt.Errorf("failed to prepare request: %w", err)
}
req.Header.Set("Origin", socket.Origin)
req.Header.Set("Referer", socket.Origin+"/")
httpResp, err := cli.http.Do(req)
if err != nil {
err = fmt.Errorf("failed to execute request: %w", err)
} else if httpResp.StatusCode != http.StatusOK {
err = fmt.Errorf("upload failed with status code %d", httpResp.StatusCode)
} else if err = json.NewDecoder(httpResp.Body).Decode(&resp); err != nil {
err = fmt.Errorf("failed to parse upload response: %w", err)
}
if httpResp != nil {
_ = httpResp.Body.Close()
}
return err
}