Overflow mode when server exceeds Discord's ratelimiting. Will compact many messages into one embed with timestamps

Dockerfile

@@ -0,0 +1,19 @@
+FROM golang:1.25.6-alpine AS builder
+
+RUN apk add --no-cache git
+
+WORKDIR /build
+
+RUN git clone https://github.com/Salastil/Sneedchat-Discord-Bridge-Go.git .
+
+RUN go mod tidy && go build -o Sneedchat-Discord-Bridge .
+
+FROM alpine:latest
+
+RUN apk add --no-cache ca-certificates
+
+WORKDIR /app
+
+COPY --from=builder /build/Sneedchat-Discord-Bridge .
+
+ENTRYPOINT ["./Sneedchat-Discord-Bridge"]

README.md

@@ -20,7 +20,7 @@ A high-performance bridge written in Go that synchronizes messages between Kiwi
 
 ## Requirements
 
-- **Go 1.23 or higher**
+- **Go 1.25.6 or higher**
 - **Discord Bot Token** with proper permissions
 - **Discord Webhook URL**
 - **Kiwi Farms account** with Sneedchat access
@@ -35,7 +35,7 @@ sudo apt update
 sudo apt install golang git
 
 # Verify installation
-go version  # Should show 1.23 or higher
+go version  # Should show 1.25.6 or higher
 ```
 
 ### 2. Clone and Build
@@ -271,10 +271,3 @@ If messages aren't appearing:
 ## License
 
 This bridge is provided as-is. Use responsibly and in accordance with Kiwi Farms and Discord Terms of Service.
-
-## Credits
-
-Built with:
-- [discordgo](https://github.com/bwmarrin/discordgo) - Discord API
-- [gorilla/websocket](https://github.com/gorilla/websocket) - WebSocket client
-- [godotenv](https://github.com/joho/godotenv) - Environment loading

cookie/fetcher.go

@@ -1,224 +1,252 @@
 package cookie
 
 import (
+	"context"
 	"crypto/sha256"
+	"crypto/tls"
 	"fmt"
 	"io"
 	"log"
-	"math/rand"
 	"net/http"
-	"net/http/cookiejar"
 	"net/url"
 	"regexp"
-	"strconv"
+	"slices"
 	"strings"
 	"sync"
 	"time"
 )
 
-const (
-	CookieRefreshInterval = 4 * time.Hour
-	CookieRetryDelay      = 5 * time.Second
-	MaxCookieRetryDelay   = 60 * time.Second
-)
-
-type CookieRefreshService struct {
-	username      string
-	password      string
-	domain        string
-	client        *http.Client
-	jar           http.CookieJar
-	currentCookie string
-
-	debug bool
-
-	mu        sync.RWMutex
-	readyOnce sync.Once
-	readyCh   chan struct{}
-	stopCh    chan struct{}
-	wg        sync.WaitGroup
+// SessionService manages XenForo session cookies as plain strings.
+// No http.Client jar is used anywhere — every cookie is stored explicitly
+// and overwritten on update, eliminating all accumulation bugs.
+type SessionService struct {
+	mu       sync.Mutex
+	cookies  map[string]string // name → value, last write wins
+	domain   *url.URL
+	username string
+	password string
+	tr       *http.Transport  // shared transport, TLS config applied once
+	stopCh   chan struct{}
 }
 
-func NewCookieRefreshService(username, password, domain string) (*CookieRefreshService, error) {
-	return NewCookieRefreshServiceWithDebug(username, password, domain, false)
+// NewSessionService creates a service, performs initial login, and returns.
+func NewSessionService(ctx context.Context, host, username, password string) (*SessionService, error) {
+	u, _ := url.Parse("https://" + host + "/")
+
+	tr := http.DefaultTransport.(*http.Transport).Clone()
+	tr.TLSClientConfig = tlsConfig()
+
+	s := &SessionService{
+		cookies:  make(map[string]string),
+		domain:   u,
+		username: username,
+		password: password,
+		tr:       tr,
+		stopCh:   make(chan struct{}),
+	}
+
+	log.Println("⏳ Logging in to Kiwi Farms...")
+	if err := s.Login(ctx); err != nil {
+		return nil, fmt.Errorf("initial login: %w", err)
+	}
+	log.Println("✅ Login successful")
+
+	go s.refreshLoop(ctx)
+
+	return s, nil
 }
 
-func NewCookieRefreshServiceWithDebug(username, password, domain string, debug bool) (*CookieRefreshService, error) {
-	jar, err := cookiejar.New(nil)
+// Close stops the background refresh loop. Call at shutdown after
+// sneedClient.Disconnect().
+func (s *SessionService) Close() {
+	close(s.stopCh)
+}
+
+// refreshLoop proactively renews all session cookies every 4 hours.
+// Prevents xf_session and xf_user from expiring mid-run so reconnect
+// attempts always have valid credentials. ttrs_clearance is cleared
+// so the next WebSocket dial solves it fresh.
+func (s *SessionService) refreshLoop(ctx context.Context) {
+	ticker := time.NewTicker(4 * time.Hour)
+	defer ticker.Stop()
+	for {
+		select {
+		case <-ticker.C:
+			log.Println("🔄 Proactive session refresh (4h timer)...")
+			s.mu.Lock()
+			s.deleteCookie("ttrs_clearance")
+			if err := s.login(ctx); err != nil {
+				log.Printf("⚠️ Proactive session refresh failed: %v", err)
+			} else {
+				log.Println("✅ Proactive session refresh complete")
+			}
+			s.mu.Unlock()
+		case <-s.stopCh:
+			return
+		case <-ctx.Done():
+			return
+		}
+	}
+}
+
+// tlsConfig mirrors sockchat's socketTLSConfig exactly:
+// concatenate secure + insecure cipher suites so KiwiFlare TLS fingerprinting
+// doesn't trigger. "The insecure ones appear to be necessary for consistently
+// getting around 203s." — sockchat source comment.
+func tlsConfig() *tls.Config {
+	all := slices.Concat(tls.CipherSuites(), tls.InsecureCipherSuites())
+	ids := make([]uint16, len(all))
+	for i, s := range all {
+		ids[i] = s.ID
+	}
+	return &tls.Config{CipherSuites: ids}
+}
+
+// Transport returns the shared *http.Transport for use in the WebSocket dialer.
+// The caller should use tr.DialContext and tr.TLSClientConfig directly,
+// mirroring sockchat's NewSocket pattern.
+func (s *SessionService) Transport() *http.Transport {
+	return s.tr
+}
+
+// setCookie stores a cookie by name, overwriting any previous value.
+func (s *SessionService) setCookie(name, value string) {
+	s.cookies[name] = value
+}
+
+// deleteCookie removes a cookie by name.
+func (s *SessionService) deleteCookie(name string) {
+	delete(s.cookies, name)
+}
+
+// absorbResponse reads all Set-Cookie headers from resp and stores them,
+// overwriting any existing values. Each call is idempotent per cookie name.
+func (s *SessionService) absorbResponse(resp *http.Response) {
+	for _, sc := range resp.Header["Set-Cookie"] {
+		seg := strings.SplitN(sc, ";", 2)
+		kv := strings.SplitN(strings.TrimSpace(seg[0]), "=", 2)
+		if len(kv) == 2 {
+			s.cookies[strings.TrimSpace(kv[0])] = strings.TrimSpace(kv[1])
+		}
+	}
+}
+
+// cookieHeader returns the current cookie state as a "name=value; ..." string
+// suitable for use as a Cookie HTTP header or WebSocket dial header.
+func (s *SessionService) cookieHeader() string {
+	parts := make([]string, 0, len(s.cookies))
+	for k, v := range s.cookies {
+		if v != "" {
+			parts = append(parts, k+"="+v)
+		}
+	}
+	return strings.Join(parts, "; ")
+}
+
+// do performs a single HTTP round-trip via the shared transport.
+// Injects current cookies, absorbs Set-Cookie from response.
+// Does not follow redirects.
+func (s *SessionService) do(req *http.Request) (*http.Response, error) {
+	if cookie := s.cookieHeader(); cookie != "" {
+		req.Header.Set("Cookie", cookie)
+	}
+	req.Header.Set("User-Agent", "Mozilla/5.0")
+	resp, err := s.tr.RoundTrip(req)
 	if err != nil {
 		return nil, err
 	}
-	tr := &http.Transport{} 
-	client := &http.Client{
-		Jar:       jar,
-		Transport: tr,
-		Timeout:   30 * time.Second,
-	}
-	return &CookieRefreshService{
-		username: username,
-		password: password,
-		domain:   domain,
-		client:   client,
-		jar:      jar,
-		debug:    debug,
-		readyCh:  make(chan struct{}),
-		stopCh:   make(chan struct{}),
-	}, nil
+	s.absorbResponse(resp)
+	return resp, nil
 }
 
-func (s *CookieRefreshService) Start() {
-	s.wg.Add(1)
-	go func() {
-		defer s.wg.Done()
-		
-		// Initial fetch
-		log.Println("⏳ Fetching initial cookie...")
-		c, err := s.FetchFreshCookie()
-		if err != nil {
-			log.Printf("❌ Failed to obtain initial cookie: %v", err)
-			s.readyOnce.Do(func() { close(s.readyCh) })
-			return
-		}
-		s.mu.Lock()
-		s.currentCookie = c
-		s.mu.Unlock()
-		s.readyOnce.Do(func() { close(s.readyCh) })
-		log.Println("✅ Initial cookie obtained")
-		
-		// Continuous refresh loop
-		ticker := time.NewTicker(CookieRefreshInterval)
-		defer ticker.Stop()
-		
-		for {
-			select {
-			case <-ticker.C:
-				log.Println("🔄 Auto-refreshing cookie...")
-				newCookie, err := s.FetchFreshCookie()
-				if err != nil {
-					log.Printf("⚠️ Cookie auto-refresh failed: %v", err)
-					continue
-				}
-				s.mu.Lock()
-				s.currentCookie = newCookie
-				s.mu.Unlock()
-				log.Println("✅ Cookie auto-refresh successful")
-			case <-s.stopCh:
-				log.Println("Cookie refresh service stopping")
-				return
-			}
-		}
-	}()
-}
-
-func (s *CookieRefreshService) WaitForCookie() {
-	<-s.readyCh
-}
-
-func (s *CookieRefreshService) Stop() {
-	close(s.stopCh)
-	s.wg.Wait()
-}
-
-func (s *CookieRefreshService) GetCurrentCookie() string {
-	s.mu.RLock()
-	defer s.mu.RUnlock()
-	return s.currentCookie
-}
-
-func (s *CookieRefreshService) FetchFreshCookie() (string, error) {
-	if s.debug {
-		log.Println("💡 Stage: Starting FetchFreshCookie")
-	}
-
-	attempt := 0
-	delay := CookieRetryDelay
-
-	for {
-		attempt++
-		c, err := s.attemptFetchCookie()
-		if err == nil {
-			if s.debug {
-				log.Printf("✅ Successfully fetched fresh cookie with xf_user (attempt %d)", attempt)
-			}
-			return c, nil
-		}
-
-		log.Printf("⚠️ Cookie fetch attempt %d failed: %v", attempt, err)
-		// Exponential backoff, capped
-		time.Sleep(delay)
-		delay *= 2
-		if delay > MaxCookieRetryDelay {
-			delay = MaxCookieRetryDelay
-		}
-	}
-}
-
-func (s *CookieRefreshService) attemptFetchCookie() (string, error) {
-	base := fmt.Sprintf("https://%s/", s.domain)
-	loginPage := fmt.Sprintf("https://%s/login", s.domain)
-	loginPost := fmt.Sprintf("https://%s/login/login", s.domain)
-	accountURL := fmt.Sprintf("https://%s/account/", s.domain)
-	rootURL, _ := url.Parse(base)
-
-	// Reset redirect policy for manual control
-	s.client.CheckRedirect = func(req *http.Request, via []*http.Request) error {
-		// don't auto-follow on login POST so we can inspect cookies first
-		return http.ErrUseLastResponse
-	}
-
-	// --- Step 1: KiwiFlare
-	if s.debug {
-		log.Println("Step 1: Checking for KiwiFlare challenge...")
-	}
-	if err := s.solveKiwiFlareIfPresent(base); err != nil {
-		return "", fmt.Errorf("KiwiFlare solve failed: %w", err)
-	}
-	if s.debug {
-		log.Println("✅ KiwiFlare challenge solved")
-	}
-
-	time.Sleep(2 * time.Second)
-
-	// --- Step 2: GET /login ---
-	if s.debug {
-		log.Println("Step 2: Fetching login page...")
-	}
-	reqLogin, _ := http.NewRequest("GET", loginPage, nil)
-	reqLogin.Header.Set("Cache-Control", "no-cache")
-	reqLogin.Header.Set("Pragma", "no-cache")
-	reqLogin.Header.Set("User-Agent", "Mozilla/5.0")
-	respLogin, err := s.client.Do(reqLogin)
+// get performs a GET request, solving any KiwiFlare 203 challenge inline.
+// host can differ from s.domain.Host for non-standard port endpoints.
+func (s *SessionService) get(ctx context.Context, target *url.URL) (*http.Response, error) {
+	req, err := http.NewRequestWithContext(ctx, "GET", target.String(), nil)
 	if err != nil {
-		return "", fmt.Errorf("failed to get login page: %w", err)
+		return nil, err
 	}
-	defer respLogin.Body.Close()
+	resp, err := s.do(req)
+	if err != nil {
+		return nil, err
+	}
+	if resp.StatusCode == 203 {
+		body, _ := io.ReadAll(resp.Body)
+		resp.Body.Close()
+		log.Printf("🔑 KiwiFlare 203 on %s — solving PoW...", target.Host)
+		if err := s.solveAndSubmit(ctx, body, target.Host); err != nil {
+			return nil, fmt.Errorf("PoW solve for %s: %w", target.Host, err)
+		}
+		return s.get(ctx, target) // retry after solve
+	}
+	return resp, nil
+}
 
-	bodyLogin, _ := io.ReadAll(respLogin.Body)
-	if s.debug {
-		log.Printf("📄 Login page HTML (first 1024 bytes):\n%s", firstN(string(bodyLogin), 1024))
+// solveAndSubmit parses a cerberus PoW challenge from the 203 response body,
+// solves it, and POSTs the solution to the issuing host (preserving port).
+// The resulting ttrs_clearance is absorbed via absorbResponse.
+func (s *SessionService) solveAndSubmit(ctx context.Context, body []byte, host string) error {
+	salt, diff, err := parseChallengeHTML(string(body))
+	if err != nil {
+		return fmt.Errorf("parse challenge: %w", err)
 	}
+	log.Printf("🔑 Challenge: salt=%s difficulty=%d", salt, diff)
 
-	// --- Step 3: Extract CSRF---
-	if s.debug {
-		log.Println("Step 3: Extracting CSRF token...")
+	nonce, err := solvePoW(ctx, salt, diff)
+	if err != nil {
+		return err
 	}
-	csrf := extractCSRF(string(bodyLogin))
+	log.Printf("✅ Solved: nonce=%d", nonce)
+
+	submitURL := fmt.Sprintf("https://%s/.ttrs/challenge", host)
+	body2 := fmt.Sprintf("salt=%s&redirect=/&nonce=%d", url.QueryEscape(salt), nonce)
+	req, err := http.NewRequestWithContext(ctx, "POST", submitURL, strings.NewReader(body2))
+	if err != nil {
+		return err
+	}
+	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+
+	resp, err := s.do(req)
+	if err != nil {
+		return fmt.Errorf("submit: %w", err)
+	}
+	resp.Body.Close()
+	log.Printf("✅ Challenge submitted to %s (HTTP %d)", host, resp.StatusCode)
+	return nil
+}
+
+// Login performs a full XenForo login: solves KiwiFlare, gets CSRF, POSTs creds.
+// Caller must hold mu or be in a single-threaded context (NewSessionService).
+func (s *SessionService) Login(ctx context.Context) error {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+	return s.login(ctx)
+}
+
+func (s *SessionService) login(ctx context.Context) error {
+	base := s.domain.String()
+
+	log.Println("🔑 Priming KiwiFlare clearance...")
+	resp, err := s.get(ctx, s.domain)
+	if err != nil {
+		return fmt.Errorf("root GET: %w", err)
+	}
+	resp.Body.Close()
+	log.Println("✅ Clearance primed")
+
+	loginURL, _ := url.Parse(base + "login")
+	resp, err = s.get(ctx, loginURL)
+	if err != nil {
+		return fmt.Errorf("login page GET: %w", err)
+	}
+	body, _ := io.ReadAll(resp.Body)
+	resp.Body.Close()
+
+	csrf := extractCSRF(string(body))
 	if csrf == "" {
-		return "", fmt.Errorf("CSRF token not found in login page")
-	}
-	if s.debug {
-		log.Printf("✅ Found CSRF token: %s...", abbreviate(csrf, 10))
-	}
-
-	// Record if already have xf_user BEFORE login POST
-	preCookies := s.jar.Cookies(rootURL)
-	hadXfUserBefore := hasCookie(preCookies, "xf_user")
-
-	// --- Step 4: POST /login/login---
-	if s.debug {
-		log.Println("Step 4: Submitting login credentials...")
-		logCookies("Cookies before login POST", preCookies)
+		return fmt.Errorf("CSRF token not found")
 	}
+	log.Printf("🔐 CSRF token obtained: %s...", csrf[:min(10, len(csrf))])
 
 	form := url.Values{
 		"_xfToken":    {csrf},
@@ -227,184 +255,156 @@ func (s *CookieRefreshService) attemptFetchCookie() (string, error) {
 		"_xfRedirect": {base},
 		"remember":    {"1"},
 	}
-	postReq, _ := http.NewRequest("POST", loginPost, strings.NewReader(form.Encode()))
-	postReq.Header.Set("Content-Type", "application/x-www-form-urlencoded")
-	postReq.Header.Set("User-Agent", "Mozilla/5.0")
-	postReq.Header.Set("Referer", loginPage)
-	postReq.Header.Set("Origin", fmt.Sprintf("https://%s", s.domain))
-	postResp, err := s.client.Do(postReq)
-	if err != nil {
-		return "", fmt.Errorf("login POST failed: %w", err)
-	}
-	defer postResp.Body.Close()
-
-	if s.debug {
-		log.Printf("Login response status: %d", postResp.StatusCode)
-	}
-
-	// XenForo often 303 when successful; 200 might still be fine (AJAX template), so we don't fail on 200 alone.
-
-	// small delay to let cookies propagate
-	if s.debug {
-		log.Println("⏳ Waiting 2 seconds for XenForo to issue cookies...")
-	}
-	time.Sleep(2 * time.Second)
-
-	postCookies := s.jar.Cookies(rootURL)
-	if s.debug {
-		for _, c := range postCookies {
-			log.Printf("Cookie after login: %s=%s...", c.Name, abbreviate(c.Value, 10))
-		}
-	}
-
-	// Check for xf_user after login
-	if hasCookie(postCookies, "xf_user") {
-		return buildCookieString(postCookies), nil
-	}
-
-	// ---- Success path: If we had xf_user before and still no new xf_user now,
-	// try validating the existing session on /account/ and succeed if logged in.
-	if hadXfUserBefore {
-		if s.debug {
-			log.Println("🔍 Missing xf_user after login POST but it existed before; validating current session via /account/ ...")
-		}
-		ok, cookieStr := s.validateSessionUsingAccount(accountURL, rootURL)
-		if ok {
-			if s.debug {
-				log.Println("✅ /account/ shows logged-in; retaining existing session cookie")
-			}
-			return cookieStr, nil
-		}
-		if s.debug {
-			log.Println("⚠️ /account/ did not confirm logged-in; proceeding with failure")
-		}
-	}
-
-	// If not successful yet, read body for context & fail
-	bodyBytes, _ := io.ReadAll(postResp.Body)
-	bodyText := string(bodyBytes)
-	if s.debug {
-		log.Printf("📄 Login HTML snippet (first 500 chars):\n%s", firstN(bodyText, 500))
-	}
-	return "", fmt.Errorf("retry still missing xf_user cookie")
-}
-
-// -------------------------------------------
-// KiwiFlare handling
-// -------------------------------------------
-func (s *CookieRefreshService) solveKiwiFlareIfPresent(base string) error {
-	req, _ := http.NewRequest("GET", base, nil)
-	req.Header.Set("User-Agent", "Mozilla/5.0")
-	resp, err := s.client.Do(req)
+	req, err := http.NewRequestWithContext(ctx, "POST", base+"login/login",
+		strings.NewReader(form.Encode()))
 	if err != nil {
 		return err
 	}
-	defer resp.Body.Close()
+	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+	req.Header.Set("Referer", base+"login")
+	req.Header.Set("Origin", strings.TrimSuffix(base, "/"))
 
-	body, _ := io.ReadAll(resp.Body)
-	html := string(body)
-
-	// Look for data-sssg-challenge and difficulty
-	re := regexp.MustCompile(`data-sssg-challenge=["']([0-9a-fA-F]+)["'][^>]*data-sssg-difficulty=["'](\d+)["']`)
-	m := re.FindStringSubmatch(html)
-	if len(m) < 3 {
-		if s.debug {
-			log.Println("No KiwiFlare POW detected")
-		}
-		return nil
-	}
-	token := m[1]
-	diff, _ := strconv.Atoi(m[2])
-
-	if s.debug {
-		log.Printf("Solving KiwiFlare challenge (difficulty=%d, token=%s...)", diff, abbreviate(token, 10))
-	}
-	nonce, dur, err := s.solvePoW(token, diff)
+	postResp, err := s.do(req)
 	if err != nil {
-		return err
-	}
-	if s.debug {
-		log.Printf("✅ KiwiFlare challenge solved in %v (nonce=%s)", dur, nonce)
+		return fmt.Errorf("login POST: %w", err)
 	}
+	postResp.Body.Close()
 
-	// Submit solution
-	answerURL := fmt.Sprintf("https://%s/.sssg/api/answer", s.domain)
-	form := url.Values{"a": {token}, "b": {nonce}}
-	subReq, _ := http.NewRequest("POST", answerURL, strings.NewReader(form.Encode()))
-	subReq.Header.Set("Content-Type", "application/x-www-form-urlencoded")
-	subReq.Header.Set("User-Agent", "Mozilla/5.0")
-	subResp, err := s.client.Do(subReq)
-	if err != nil {
-		return err
+	if s.cookies["xf_user"] == "" {
+		return fmt.Errorf("xf_user not set after login — check credentials")
 	}
-	defer subResp.Body.Close()
-
-	if subResp.StatusCode != 200 {
-		body, _ := io.ReadAll(subResp.Body)
-		return fmt.Errorf("challenge solve HTTP %d (%s)", subResp.StatusCode, strings.TrimSpace(string(body)))
-	}
-
-	// Check jar for sssg_clearance
-	rootURL, _ := url.Parse(fmt.Sprintf("https://%s/", s.domain))
-	for _, c := range s.jar.Cookies(rootURL) {
-		if c.Name == "sssg_clearance" {
-			if s.debug {
-				log.Printf("✅ KiwiFlare clearance cookie confirmed: %s...", abbreviate(c.Value, 10))
-			}
-			break
-		}
-	}
-
-	time.Sleep(2 * time.Second)
+	log.Println("✅ xf_user cookie obtained")
 	return nil
 }
 
-func (s *CookieRefreshService) solvePoW(token string, difficulty int) (string, time.Duration, error) {
-	start := time.Now()
-	nonce := rand.Int63()
-	requiredBytes := difficulty / 8
-	requiredBits := difficulty % 8
-	const maxAttempts = 10_000_000
+// Refresh gets a fresh xf_session. Falls back to full re-login if xf_user lost.
+// Mirrors sockchat's kf.RefreshSession() call in connect().
+func (s *SessionService) Refresh(ctx context.Context) error {
+	s.mu.Lock()
+	defer s.mu.Unlock()
 
-	for attempts := 0; attempts < maxAttempts; attempts++ {
-		nonce++
-		input := token + fmt.Sprintf("%d", nonce)
-		sum := sha256.Sum256([]byte(input))
+	log.Println("🔄 Refreshing session...")
+	s.setCookie("xf_session", "")
 
-		// Check leading zero bits
-		ok := true
-		for i := 0; i < requiredBytes; i++ {
-			if sum[i] != 0 {
-				ok = false
-				break
-			}
-		}
-		if ok && requiredBits > 0 && requiredBytes < len(sum) {
-			mask := byte(0xFF << (8 - requiredBits))
-			if sum[requiredBytes]&mask != 0 {
-				ok = false
-			}
-		}
-		if ok {
-			elapsed := time.Since(start)
-			// Stretch to >= ~1.7s to look human
-			if elapsed < 1700*time.Millisecond {
-				time.Sleep(1700*time.Millisecond - elapsed)
-				elapsed = 1700 * time.Millisecond
-			}
-			return fmt.Sprintf("%d", nonce), elapsed, nil
-		}
+	resp, err := s.get(ctx, s.domain)
+	if err != nil {
+		return err
 	}
-	return "", 0, fmt.Errorf("failed to solve PoW within %d attempts", maxAttempts)
+	resp.Body.Close()
+
+	if s.cookies["xf_user"] == "" {
+		log.Println("⚠️ xf_user lost — re-logging in...")
+		return s.login(ctx)
+	}
+
+	log.Println("✅ Session refreshed")
+	return nil
 }
 
+// CookieString returns current cookies as a Cookie header value.
+// ttrs_clearance is intentionally excluded — it must be solved fresh
+// per-endpoint before each WebSocket connection attempt.
+func (s *SessionService) CookieString() string {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+	return s.cookieHeader()
+}
+
+// CookieStringForWS returns cookies for the WebSocket dial with ttrs_clearance
+// excluded. The caller must solve the clearance challenge for the WS endpoint
+// first and inject it directly into the dial headers.
+func (s *SessionService) CookieStringForWS() string {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+	parts := make([]string, 0, len(s.cookies))
+	for k, v := range s.cookies {
+		if v != "" && k != "ttrs_clearance" {
+			parts = append(parts, k+"="+v)
+		}
+	}
+	return strings.Join(parts, "; ")
+}
+
+// SolveForHost solves a KiwiFlare 203 challenge from a non-standard port
+// endpoint (e.g. the WebSocket on 9443). The challenge body is parsed locally
+// but the solution is always submitted to port 443 — mirroring sockchat's
+// behaviour via cerberus, whose postSolution uses Hostname() (strips port).
+// The clearance issued by 443 is accepted by 9443.
+func (s *SessionService) SolveForHost(ctx context.Context, body []byte) (string, error) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	before := s.cookies["ttrs_clearance"]
+	// Always submit to the base domain on port 443.
+	if err := s.solveAndSubmit(ctx, body, s.domain.Hostname()); err != nil {
+		return "", err
+	}
+	after := s.cookies["ttrs_clearance"]
+	if after == before {
+		return "", fmt.Errorf("ttrs_clearance unchanged after solve — submit may have failed")
+	}
+	return after, nil
+}
+
+// --- PoW solver ---
+
+func parseChallengeHTML(body string) (salt string, diff uint32, err error) {
+	sm := regexp.MustCompile(`data-ttrs-challenge=["']([^"']+)["']`).FindStringSubmatch(body)
+	dm := regexp.MustCompile(`data-ttrs-difficulty=["'](\d+)["']`).FindStringSubmatch(body)
+	if len(sm) < 2 || len(dm) < 2 {
+		return "", 0, fmt.Errorf("challenge attributes not found in HTML")
+	}
+	var d int
+	fmt.Sscanf(dm[1], "%d", &d)
+	return sm[1], uint32(d), nil
+}
+
+func solvePoW(ctx context.Context, salt string, difficulty uint32) (uint64, error) {
+	nbytes := difficulty / 8
+	rem := difficulty % 8
+	var mask byte
+	for i := uint32(0); i < rem; i++ {
+		mask = (mask << 1) | 1
+	}
+	if rem > 0 {
+		mask <<= 8 - rem
+	}
+
+	var nonce uint64
+	for {
+		select {
+		case <-ctx.Done():
+			return 0, ctx.Err()
+		default:
+		}
+		nonce++
+		h := sha256.Sum256([]byte(fmt.Sprintf("%s%d", salt, nonce)))
+		if leadingZeros(h[:], nbytes, rem, mask) {
+			return nonce, nil
+		}
+	}
+}
+
+func leadingZeros(hash []byte, nbytes, rem uint32, mask byte) bool {
+	for i := uint32(0); i < nbytes; i++ {
+		if hash[i] != 0 {
+			return false
+		}
+	}
+	if rem == 0 {
+		return true
+	}
+	return hash[nbytes]&mask == 0
+}
+
+// --- helpers ---
+
 func extractCSRF(body string) string {
-	patterns := []*regexp.Regexp{
+	for _, re := range []*regexp.Regexp{
 		regexp.MustCompile(`data-csrf=["']([^"']+)["']`),
 		regexp.MustCompile(`"csrf":"([^"]+)"`),
 		regexp.MustCompile(`XF\.config\.csrf\s*=\s*"([^"]+)"`),
-	}
-	for _, re := range patterns {
+	} {
 		if m := re.FindStringSubmatch(body); len(m) >= 2 {
 			return m[1]
 		}
@@ -412,83 +412,9 @@ func extractCSRF(body string) string {
 	return ""
 }
 
-func hasCookie(cookies []*http.Cookie, name string) bool {
-	for _, c := range cookies {
-		if c.Name == name {
-			return true
-		}
+func min(a, b int) int {
+	if a < b {
+		return a
 	}
-	return false
+	return b
 }
-
-func buildCookieString(cookies []*http.Cookie) string {
-	want := map[string]bool{
-		"sssg_clearance": true,
-		"xf_csrf":        true,
-		"xf_session":     true,
-		"xf_user":        true,
-		"xf_toggle":      true,
-	}
-	var parts []string
-	for _, c := range cookies {
-		if want[c.Name] {
-			parts = append(parts, fmt.Sprintf("%s=%s", c.Name, c.Value))
-		}
-	}
-	return strings.Join(parts, "; ")
-}
-
-func (s *CookieRefreshService) validateSessionUsingAccount(accountURL string, rootURL *url.URL) (bool, string) {
-	if s.debug {
-		log.Println("🔍 Validating session via /account/ ...")
-	}
-	req, _ := http.NewRequest("GET", accountURL, nil)
-	req.Header.Set("User-Agent", "Mozilla/5.0")
-	resp, err := s.client.Do(req)
-	if err != nil {
-		if s.debug {
-			log.Printf("⚠️ /account/ request error: %v", err)
-		}
-		return false, ""
-	}
-	defer resp.Body.Close()
-
-	body, _ := io.ReadAll(resp.Body)
-	snippet := firstN(string(body), 500)
-
-	if s.debug {
-		log.Printf("🔍 Accessed /account/ (%d)", resp.StatusCode)
-		log.Printf("📄 /account/ HTML snippet:\n%s", snippet)
-		for _, c := range s.jar.Cookies(rootURL) {
-			log.Printf("🍪 Cookie after /account/: %s=%s...", c.Name, abbreviate(c.Value, 10))
-		}
-	}
-
-	// Consider logged-in if data-logged-in="true" or the template isn't "login"
-	if strings.Contains(snippet, `data-logged-in="true"`) ||
-		(!strings.Contains(snippet, `data-template="login"`) && resp.StatusCode == 200) {
-		return true, buildCookieString(s.jar.Cookies(rootURL))
-	}
-	return false, ""
-}
-
-func logCookies(prefix string, cookies []*http.Cookie) {
-	log.Printf("%s (%d):", prefix, len(cookies))
-	for _, c := range cookies {
-		log.Printf("  - %s = %s...", c.Name, abbreviate(c.Value, 10))
-	}
-}
-
-func firstN(s string, n int) string {
-	if len(s) <= n {
-		return s
-	}
-	return s[:n]
-}
-
-func abbreviate(s string, n int) string {
-	if len(s) <= n {
-		return s
-	}
-	return s[:n]
-}

discord/bridge.go

@@ -22,6 +22,9 @@ import (
 const (
 	MaxAttachments              = 4
 	ProcessedCacheSize          = 250
+	OverflowThreshold           = 10
+	OverflowRecoveryThreshold   = 5
+	OverflowBatchSize           = 15
 	MappingCacheSize            = 1000
 	MappingMaxAge               = 1 * time.Hour
 	MappingCleanupInterval      = 5 * time.Minute
@@ -73,8 +76,10 @@ type Bridge struct {
 	outageMessagesMu    sync.Mutex
 	outageStart         time.Time
 
-	stopCh chan struct{}
-	wg     sync.WaitGroup
+	stopCh     chan struct{}
+	wg         sync.WaitGroup
+	msgQueue   chan map[string]interface{}
+	overflow   bool
 }
 
 func NewBridge(cfg *config.Config, sneedClient *sneed.Client) (*Bridge, error) {
@@ -98,10 +103,11 @@ func NewBridge(cfg *config.Config, sneedClient *sneed.Client) (*Bridge, error) {
 		queuedOutbound: make([]QueuedMessage, 0),
 		outageNotices:  make([]*discordgo.Message, 0),
 		stopCh:         make(chan struct{}),
+		msgQueue:       make(chan map[string]interface{}, 500),
 	}
 
 	// hook Sneed client callbacks
-	sneedClient.OnMessage = b.onSneedMessage
+	sneedClient.OnMessage = b.enqueueSneedMessage
 	sneedClient.OnEdit = b.handleSneedEdit
 	sneedClient.OnDelete = b.handleSneedDelete
 	sneedClient.OnConnect = b.onSneedConnect
@@ -124,8 +130,10 @@ func (b *Bridge) Start() error {
 	if err := b.session.Open(); err != nil {
 		return err
 	}
-	b.wg.Add(1)
+	b.wg.Add(3)
 	go b.cleanupLoop()
+	go b.messageWorker()
+	go b.messageWorker()
 	return nil
 }
 
@@ -186,8 +194,9 @@ func (b *Bridge) onDiscordMessageCreate(s *discordgo.Session, m *discordgo.Messa
 
 	if m.ReferencedMessage != nil {
 		refDiscordID := parseMessageID(m.ReferencedMessage.ID)
-		if sneedIDInt, ok := b.discordToSneed.Get(refDiscordID); ok {
-			if uname, ok2 := b.sneedUsernames.Get(sneedIDInt.(int)); ok2 {
+		if sneedUUIDVal, ok := b.discordToSneed.Get(strconv.Itoa(refDiscordID)); ok {
+			sneedUUID := sneedUUIDVal.(string)
+			if uname, ok2 := b.sneedUsernames.Get(sneedUUID); ok2 {
 				contentText = fmt.Sprintf("@%s, %s", uname.(string), contentText)
 			}
 		}
@@ -289,14 +298,14 @@ func (b *Bridge) onDiscordMessageEdit(s *discordgo.Session, m *discordgo.Message
 		return
 	}
 	discordID := parseMessageID(m.ID)
-	sneedIDInt, ok := b.discordToSneed.Get(discordID)
+	sneedUUIDVal, ok := b.discordToSneed.Get(strconv.Itoa(discordID))
 	if !ok {
 		return
 	}
-	sneedID := sneedIDInt.(int)
-	payload := map[string]interface{}{"id": sneedID, "message": strings.TrimSpace(m.Content)}
+	sneedUUID := sneedUUIDVal.(string)
+	payload := map[string]interface{}{"uuid": sneedUUID, "message": strings.TrimSpace(m.Content)}
 	data, _ := json.Marshal(payload)
-	log.Printf("↩️ Discord edit -> Sneedchat (sneed_id=%d)", sneedID)
+	log.Printf("↩️ Discord edit -> Sneedchat (sneed_uuid=%s)", sneedUUID)
 	b.sneed.Send(fmt.Sprintf("/edit %s", string(data)))
 }
 
@@ -305,12 +314,98 @@ func (b *Bridge) onDiscordMessageDelete(s *discordgo.Session, m *discordgo.Messa
 		return
 	}
 	discordID := parseMessageID(m.ID)
-	sneedIDInt, ok := b.discordToSneed.Get(discordID)
+	sneedUUIDVal, ok := b.discordToSneed.Get(strconv.Itoa(discordID))
 	if !ok {
 		return
 	}
-	log.Printf("↩️ Discord delete -> Sneedchat (sneed_id=%d)", sneedIDInt.(int))
-	b.sneed.Send(fmt.Sprintf("/delete %d", sneedIDInt.(int)))
+	sneedUUID := sneedUUIDVal.(string)
+	log.Printf("↩️ Discord delete -> Sneedchat (sneed_uuid=%s)", sneedUUID)
+	b.sneed.Send(fmt.Sprintf("/delete %s", sneedUUID))
+}
+
+func (b *Bridge) messageWorker() {
+	defer b.wg.Done()
+	for {
+		select {
+		case <-b.stopCh:
+			return
+		case msg, ok := <-b.msgQueue:
+			if !ok {
+				return
+			}
+			depth := len(b.msgQueue)
+			if !b.overflow && depth >= OverflowThreshold {
+				b.overflow = true
+				log.Printf("⚠️ Message queue overflow (%d pending), switching to batch mode", depth)
+			} else if b.overflow && depth <= OverflowRecoveryThreshold {
+				b.overflow = false
+				log.Printf("✅ Message queue recovered (%d pending), switching to normal mode", depth)
+			}
+			if b.overflow {
+				batch := []map[string]interface{}{msg}
+				for len(batch) < OverflowBatchSize {
+					select {
+					case next, ok := <-b.msgQueue:
+						if !ok {
+							break
+						}
+						batch = append(batch, next)
+					default:
+						goto flushBatch
+					}
+				}
+			flushBatch:
+				b.sendOverflowBatch(batch)
+			} else {
+				b.onSneedMessage(msg)
+			}
+		}
+	}
+}
+
+func (b *Bridge) sendOverflowBatch(batch []map[string]interface{}) {
+	if len(batch) == 0 {
+		return
+	}
+
+	var description strings.Builder
+	for _, msg := range batch {
+		username, _ := msg["username"].(string)
+		rawContent, _ := msg["content"].(string)
+		content := utils.BBCodeToMarkdown(rawContent)
+		content = sneed.ReplaceBridgeMention(content, b.cfg.BridgeUsername, b.cfg.DiscordPingUserID)
+
+		var ts string
+		if raw, ok := msg["raw"].(sneed.SneedMessage); ok && raw.MessageDate > 0 {
+			ts = time.Unix(int64(raw.MessageDate), 0).Format("3:04:05 PM")
+		}
+
+		description.WriteString(fmt.Sprintf("**%s** %s\n%s\n\n", username, ts, content))
+	}
+
+	webhookID, webhookToken := parseWebhookURL(b.cfg.DiscordWebhookURL)
+	embed := &discordgo.MessageEmbed{
+		Title:       "overflow mode",
+		Description: strings.TrimSpace(description.String()),
+		Color:       OutageEmbedColorActive,
+	}
+	params := &discordgo.WebhookParams{
+		Embeds: []*discordgo.MessageEmbed{embed},
+	}
+	_, err := b.session.WebhookExecute(webhookID, webhookToken, false, params)
+	if err != nil {
+		log.Printf("❌ Failed to send overflow batch: %v", err)
+		return
+	}
+	log.Printf("📦 Sent overflow batch of %d messages", len(batch))
+}
+
+func (b *Bridge) enqueueSneedMessage(msg map[string]interface{}) {
+	select {
+	case b.msgQueue <- msg:
+	default:
+		log.Printf("⚠️ Message queue full, dropping message from %s", msg["username"])
+	}
 }
 
 func (b *Bridge) onSneedMessage(msg map[string]interface{}) {
@@ -348,17 +443,17 @@ func (b *Bridge) onSneedMessage(msg map[string]interface{}) {
 	log.Printf("✅ Sent Sneedchat → Discord: %s", username)
 
 	if sent != nil {
-		if mid, ok := msg["message_id"].(int); ok && mid > 0 {
+		if uuid, ok := msg["message_uuid"].(string); ok && uuid != "" {
 			discordMsgID := parseMessageID(sent.ID)
-			b.sneedToDiscord.Set(mid, discordMsgID)
-			b.discordToSneed.Set(discordMsgID, mid)
-			b.sneedUsernames.Set(mid, username)
+			b.sneedToDiscord.Set(uuid, discordMsgID)
+			b.discordToSneed.Set(strconv.Itoa(discordMsgID), uuid)
+			b.sneedUsernames.Set(uuid, username)
 		}
 	}
 }
 
-func (b *Bridge) handleSneedEdit(sneedID int, newContent string) {
-	discordIDInt, ok := b.sneedToDiscord.Get(sneedID)
+func (b *Bridge) handleSneedEdit(sneedUUID string, newContent string) {
+	discordIDInt, ok := b.sneedToDiscord.Get(sneedUUID)
 	if !ok {
 		return
 	}
@@ -371,11 +466,11 @@ func (b *Bridge) handleSneedEdit(sneedID int, newContent string) {
 		log.Printf("❌ Failed to edit Discord message id=%d: %v", discordID, err)
 		return
 	}
-	log.Printf("✏️ Edited Discord (webhook) message id=%d (sneed_id=%d)", discordID, sneedID)
+	log.Printf("✏️ Edited Discord (webhook) message id=%d (sneed_uuid=%s)", discordID, sneedUUID)
 }
 
-func (b *Bridge) handleSneedDelete(sneedID int) {
-	discordIDInt, ok := b.sneedToDiscord.Get(sneedID)
+func (b *Bridge) handleSneedDelete(sneedUUID string) {
+	discordIDInt, ok := b.sneedToDiscord.Get(sneedUUID)
 	if !ok {
 		return
 	}
@@ -386,10 +481,10 @@ func (b *Bridge) handleSneedDelete(sneedID int) {
 		log.Printf("❌ Failed to delete Discord message id=%d: %v", discordID, err)
 		return
 	}
-	log.Printf("🗑️ Deleted Discord (webhook) message id=%d (sneed_id=%d)", discordID, sneedID)
-	b.sneedToDiscord.Delete(sneedID)
-	b.discordToSneed.Delete(discordID)
-	b.sneedUsernames.Delete(sneedID)
+	log.Printf("🗑️ Deleted Discord (webhook) message id=%d (sneed_uuid=%s)", discordID, sneedUUID)
+	b.sneedToDiscord.Delete(sneedUUID)
+	b.discordToSneed.Delete(strconv.Itoa(discordID))
+	b.sneedUsernames.Delete(sneedUUID)
 }
 
 func (b *Bridge) onSneedConnect() {
@@ -575,11 +670,11 @@ func (b *Bridge) recentOutboundIter() []map[string]interface{} {
 	return res
 }
 
-func (b *Bridge) mapDiscordSneed(discordID, sneedID int, username string) {
-	b.discordToSneed.Set(discordID, sneedID)
-	b.sneedToDiscord.Set(sneedID, discordID)
-	b.sneedUsernames.Set(sneedID, username)
-	log.Printf("Mapped sneed_id=%d <-> discord_id=%d (username='%s')", sneedID, discordID, username)
+func (b *Bridge) mapDiscordSneed(sneedUUID string, discordID int, username string) {
+	b.discordToSneed.Set(strconv.Itoa(discordID), sneedUUID)
+	b.sneedToDiscord.Set(sneedUUID, discordID)
+	b.sneedUsernames.Set(sneedUUID, username)
+	log.Printf("Mapped sneed_uuid=%s <-> discord_id=%d (username='%s')", sneedUUID, discordID, username)
 }
 
 func (b *Bridge) sendUploadStatusMessage(channelID, mention string, attachmentCount int) (*discordgo.Message, error) {
@@ -629,7 +724,7 @@ func (b *Bridge) awaitSneedConfirmation(discordID int, channelID, statusMessageI
 	for {
 		select {
 		case <-ticker.C:
-			if _, ok := b.discordToSneed.Get(discordID); ok {
+			if _, ok := b.discordToSneed.Get(strconv.Itoa(discordID)); ok {
 				desc := "Delivered to Sneedchat."
 				b.editUploadStatusMessage(channelID, statusMessageID, b.uploadStatusTitle("complete"), desc, UploadStatusColorSuccess)
 				b.scheduleUploadStatusDeletion(channelID, statusMessageID, UploadStatusCleanupDelay)

docker-compose.yml

@@ -0,0 +1,17 @@
+services:
+  sneedchat-bridge:
+    build: .
+    restart: unless-stopped
+    environment:
+      - DISCORD_BOT_TOKEN=${DISCORD_BOT_TOKEN}
+      - DISCORD_CHANNEL_ID=${DISCORD_CHANNEL_ID}
+      - DISCORD_GUILD_ID=${DISCORD_GUILD_ID}
+      - DISCORD_PING_USER_ID=${DISCORD_PING_USER_ID}
+      - DISCORD_WEBHOOK_URL=${DISCORD_WEBHOOK_URL}
+      - RECONNECT_INTERVAL=${RECONNECT_INTERVAL:-5}
+      - MEDIA_UPLOAD_SERVICE=${MEDIA_UPLOAD_SERVICE:-litterbox}
+      - SNEEDCHAT_ROOM_ID=${SNEEDCHAT_ROOM_ID:-1}
+      - ENABLE_FILE_LOGGING=${ENABLE_FILE_LOGGING:-false}
+      - BRIDGE_USER_ID=${BRIDGE_USER_ID}
+      - BRIDGE_USERNAME=${BRIDGE_USERNAME}
+      - BRIDGE_PASSWORD=${BRIDGE_PASSWORD}

go.mod

@@ -1,15 +1,19 @@
 module local/sneedchatbridge
 
-go 1.23
+go 1.25.6
 
 require (
+	gitgud.io/yats/libkiwi v0.0.0-20260214165635-8e0720d58701
 	github.com/bwmarrin/discordgo v0.27.1
 	github.com/gorilla/websocket v1.5.1
 	github.com/joho/godotenv v1.5.1
 )
 
 require (
-	golang.org/x/crypto v0.14.0 // indirect
-	golang.org/x/net v0.17.0 // indirect
-	golang.org/x/sys v0.13.0 // indirect
+	gitgud.io/yats/cerberus v0.0.0-20260214165307-66e6f74a4be9 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.3 // indirect
+	github.com/minio/sha256-simd v1.0.1 // indirect
+	golang.org/x/crypto v0.47.0 // indirect
+	golang.org/x/net v0.49.0 // indirect
+	golang.org/x/sys v0.40.0 // indirect
 )

go.sum

@@ -1,3 +1,7 @@
+gitgud.io/yats/cerberus v0.0.0-20260214165307-66e6f74a4be9 h1:OSYrnxTeCuvaX6O8/AHUE4Xndb76vtcVwdvdLtGfp4Q=
+gitgud.io/yats/cerberus v0.0.0-20260214165307-66e6f74a4be9/go.mod h1:WVfXXYUHR8x5hX0cpRUOlaeRqxR/9JxYhLbjFSb/jjc=
+gitgud.io/yats/libkiwi v0.0.0-20260214165635-8e0720d58701 h1:cKIfr4ko4VlrCR4cbVpBJ1/1p9D4IWpGQnXWiPWoHZU=
+gitgud.io/yats/libkiwi v0.0.0-20260214165635-8e0720d58701/go.mod h1:7oHOXzBQep8VqlnmDeq/ItH3FkrXJY1IWWAQNG89MVM=
 github.com/bwmarrin/discordgo v0.27.1 h1:ib9AIc/dom1E/fSIulrBwnez0CToJE113ZGt4HoliGY=
 github.com/bwmarrin/discordgo v0.27.1/go.mod h1:NJZpH+1AfhIcyQsPeuBKsUtYrRnjkyu0kIVMCHkZtRY=
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
@@ -5,15 +9,20 @@ github.com/gorilla/websocket v1.5.1 h1:gmztn0JnHVt9JZquRuzLw3g4wouNVzKL15iLr/zn/
 github.com/gorilla/websocket v1.5.1/go.mod h1:x3kM2JMyaluk02fnUJpQuwD2dCS5NDG2ZHL0uE0tcaY=
 github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=
 github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
+github.com/klauspost/cpuid/v2 v2.2.3 h1:sxCkb+qR91z4vsqw4vGGZlDgPz3G7gjaLyK3V8y70BU=
+github.com/klauspost/cpuid/v2 v2.2.3/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY=
+github.com/minio/sha256-simd v1.0.1 h1:6kaan5IFmwTNynnKKpDHe6FWHohJOHhCPchzK49dzMM=
+github.com/minio/sha256-simd v1.0.1/go.mod h1:Pz6AKMiUdngCLpeTL/RJY1M9rUuPMYujV5xJjtbRSN8=
 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
-golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
-golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
+golang.org/x/crypto v0.47.0 h1:V6e3FRj+n4dbpw86FJ8Fv7XVOql7TEwpHapKoMJ/GO8=
+golang.org/x/crypto v0.47.0/go.mod h1:ff3Y9VzzKbwSSEzWqJsJVBnWmRwRSHt/6Op5n9bQc4A=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
-golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
+golang.org/x/net v0.49.0 h1:eeHFmOGUTtaaPSGNmjBKpbng9MulQsJURQUAfUwY++o=
+golang.org/x/net v0.49.0/go.mod h1:/ysNB2EvaqvesRkuLAyjI1ycPZlQHM3q01F02UY/MV8=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
-golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ=
+golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=

main.go

@@ -1,6 +1,7 @@
 package main
 
 import (
+	"context"
 	"log"
 	"os"
 	"os/signal"
@@ -14,35 +15,40 @@ import (
 
 func main() {
 	envFile := ".env"
+	debugFlag := false
 	for i, a := range os.Args {
 		if a == "--env" && i+1 < len(os.Args) {
 			envFile = os.Args[i+1]
 		}
+		if a == "--debug" {
+			debugFlag = true
+		}
 	}
 
 	cfg, err := config.Load(envFile)
 	if err != nil {
 		log.Fatalf("Failed to load config: %v", err)
 	}
+	cfg.Debug = cfg.Debug || debugFlag
 	log.Printf("Using .env file: %s", envFile)
 	log.Printf("Using Sneedchat room ID: %d", cfg.SneedchatRoomID)
 	log.Printf("Bridge username: %s", cfg.BridgeUsername)
 
-	// Cookie service (now handles its own refresh loop)
-	cookieSvc, err := cookie.NewCookieRefreshService(cfg.BridgeUsername, cfg.BridgePassword, "kiwifarms.st")
+	ctx, cancel := signal.NotifyContext(context.Background(), syscall.SIGINT, syscall.SIGTERM)
+	defer cancel()
+
+	// SessionService owns the TLS config, cookie store, and shared transport.
+	// Login is performed here; cookies are stored as plain strings, no jar.
+	session, err := cookie.NewSessionService(ctx, "kiwifarms.st", cfg.BridgeUsername, cfg.BridgePassword)
 	if err != nil {
-		log.Fatalf("Failed to create cookie service: %v", err)
-	}
-	cookieSvc.Start()
-	cookieSvc.WaitForCookie()
-	if cookieSvc.GetCurrentCookie() == "" {
-		log.Fatal("❌ Failed to obtain initial cookie, cannot start bridge")
+		log.Fatalf("❌ Failed to establish session: %v", err)
 	}
 
-	// Sneedchat client
-	sneedClient := sneed.NewClient(cfg.SneedchatRoomID, cookieSvc)
+	// NewClient uses session.Transport() for the WebSocket dialer,
+	// mirroring sockchat's NewSocket pattern exactly.
+	sneedClient := sneed.NewClient(cfg.SneedchatRoomID, session, cfg.Debug)
+	sneedClient.SetBridgeIdentity(cfg.BridgeUserID, cfg.BridgeUsername)
 
-	// Discord bridge
 	bridge, err := discord.NewBridge(cfg, sneedClient)
 	if err != nil {
 		log.Fatalf("Failed to create Discord bridge: %v", err)
@@ -52,21 +58,16 @@ func main() {
 	}
 	log.Println("🌉 Discord-Sneedchat Bridge started successfully")
 
-	// Connect to Sneedchat
 	go func() {
-		if err := sneedClient.Connect(); err != nil {
+		if err := sneedClient.Connect(ctx); err != nil {
 			log.Printf("Initial Sneedchat connect failed: %v", err)
 		}
 	}()
 
-	// Graceful shutdown
-	sig := make(chan os.Signal, 1)
-	signal.Notify(sig, syscall.SIGINT, syscall.SIGTERM)
-	<-sig
-
+	<-ctx.Done()
 	log.Println("Shutdown signal received, cleaning up...")
 	bridge.Stop()
 	sneedClient.Disconnect()
-	cookieSvc.Stop()
+	session.Close()
 	log.Println("Bridge stopped successfully")
-}
+}

sneed/client.go

@@ -1,12 +1,15 @@
 package sneed
 
 import (
+	"context"
+	"crypto/tls"
 	"encoding/json"
 	"fmt"
 	"html"
 	"log"
 	"net/http"
 	"regexp"
+	"slices"
 	"sync"
 	"time"
 
@@ -16,57 +19,74 @@ import (
 )
 
 const (
-	ProcessedCacheSize      = 1000 // Increased from 250
-	ReconnectInterval       = 7 * time.Second
-	MappingCacheSize        = 1000
-	MappingCleanupInterval  = 5 * time.Minute
-	MappingMaxAge           = 1 * time.Hour
-	OutboundMatchWindow     = 60 * time.Second
-	PingIdleThreshold       = 60 * time.Second
-	StaleRejoinThreshold    = 90 * time.Second
-	StaleReconnectThreshold = 3 * time.Minute
-	RejoinCooldown          = 30 * time.Second
+	ProcessedCacheSize     = 1000
+	ReconnectInterval      = 7 * time.Second
+	MappingCacheSize       = 1000
+	MappingCleanupInterval = 5 * time.Minute
+	MappingMaxAge          = 1 * time.Hour
+	OutboundMatchWindow    = 60 * time.Second
 )
 
+// socketTLSConfig mirrors the config used by sockchat: broad cipher suite list
+// to avoid KiwiFlare TLS fingerprint detection on the WebSocket upgrade.
+func socketTLSConfig() *tls.Config {
+	suites := slices.Concat(tls.CipherSuites(), tls.InsecureCipherSuites())
+	ids := make([]uint16, len(suites))
+	for i, s := range suites {
+		ids[i] = s.ID
+	}
+	return &tls.Config{CipherSuites: ids}
+}
+
+
 type Client struct {
 	wsURL   string
 	roomID  int
-	cookies *cookie.CookieRefreshService
+	session *cookie.SessionService
 
+	dialer    websocket.Dialer
 	conn      *websocket.Conn
 	connected bool
 	mu        sync.RWMutex
 
-	lastMessage     time.Time
-	lastJoinAttempt time.Time
-	stopCh          chan struct{}
-	wg              sync.WaitGroup
+	lastMessage time.Time
+	stopCh      chan struct{}
+	wg          sync.WaitGroup
 
-	processedMu         sync.Mutex
-	processedMessageIDs []int
-	messageEditDates    *utils.BoundedMap
+	processedMu      sync.Mutex
+	processedUUIDs   []string
+	messageEditDates *utils.BoundedMap
 
 	OnMessage    func(map[string]interface{})
-	OnEdit       func(int, string)
-	OnDelete     func(int)
+	OnEdit       func(string, string)
+	OnDelete     func(string)
 	OnConnect    func()
 	OnDisconnect func()
 
 	recentOutboundIter func() []map[string]interface{}
-	mapDiscordSneed    func(int, int, string)
+	mapDiscordSneed    func(string, int, string)
 
 	bridgeUserID     int
 	bridgeUsername   string
 	baseLoopsStarted bool
+	debug            bool
 }
 
-func NewClient(roomID int, cookieSvc *cookie.CookieRefreshService) *Client {
+func NewClient(roomID int, session *cookie.SessionService, debug bool) *Client {
+	tr := session.Transport()
+
 	return &Client{
-		wsURL:               "wss://kiwifarms.st:9443/chat.ws",
-		roomID:              roomID,
-		cookies:             cookieSvc,
+		wsURL:   "wss://kiwifarms.st:9443/chat.ws",
+		roomID:  roomID,
+		session: session,
+		debug:   debug,
+		dialer: websocket.Dialer{
+			EnableCompression: true,
+			NetDialContext:    tr.DialContext,
+			TLSClientConfig:   tr.TLSClientConfig,
+		},
 		stopCh:              make(chan struct{}),
-		processedMessageIDs: make([]int, 0, ProcessedCacheSize),
+		processedUUIDs: make([]string, 0, ProcessedCacheSize),
 		messageEditDates:    utils.NewBoundedMap(MappingCacheSize, MappingMaxAge),
 		lastMessage:         time.Now(),
 	}
@@ -77,7 +97,7 @@ func (c *Client) SetBridgeIdentity(userID int, username string) {
 	c.bridgeUsername = username
 }
 
-func (c *Client) Connect() error {
+func (c *Client) Connect(ctx context.Context) error {
 	c.mu.Lock()
 	if c.connected {
 		c.mu.Unlock()
@@ -85,15 +105,43 @@ func (c *Client) Connect() error {
 	}
 	c.mu.Unlock()
 
-	headers := http.Header{}
-	if ck := c.cookies.GetCurrentCookie(); ck != "" {
-		headers.Add("Cookie", ck)
+	// Exclude ttrs_clearance — must be solved fresh for port 9443.
+	headers := http.Header{
+		"Cookie": {c.session.CookieStringForWS()},
 	}
 
 	log.Printf("Connecting to Sneedchat room %d", c.roomID)
-	conn, _, err := websocket.DefaultDialer.Dial(c.wsURL, headers)
+	if c.debug {
+		log.Printf("🍪 Dial cookies: %s", headers.Get("Cookie"))
+	}
+
+	conn, resp, err := c.dialer.DialContext(ctx, c.wsURL, headers)
 	if err != nil {
-		return fmt.Errorf("websocket connection failed: %w", err)
+		if resp != nil && resp.StatusCode == 203 {
+			log.Println("⚠️ Got 203 on WebSocket dial — solving challenge...")
+			body := make([]byte, 0)
+			if resp.Body != nil {
+				buf := make([]byte, 8192)
+				n, _ := resp.Body.Read(buf)
+				body = buf[:n]
+				resp.Body.Close()
+			}
+			clearance, serr := c.session.SolveForHost(ctx, body)
+			if serr != nil {
+				return fmt.Errorf("PoW solve for WS endpoint: %w", serr)
+			}
+			wsBase := c.session.CookieStringForWS()
+			headers["Cookie"] = []string{wsBase + "; ttrs_clearance=" + clearance}
+			if c.debug {
+				log.Printf("🍪 Retry dial cookies: %s", headers.Get("Cookie"))
+			}
+			conn, _, err = c.dialer.DialContext(ctx, c.wsURL, headers)
+			if err != nil {
+				return fmt.Errorf("websocket connection failed after PoW solve: %w", err)
+			}
+		} else {
+			return fmt.Errorf("websocket connection failed: %w", err)
+		}
 	}
 
 	c.mu.Lock()
@@ -110,9 +158,9 @@ func (c *Client) Connect() error {
 	}
 
 	c.wg.Add(1)
-	go c.readLoop()
+	go c.readLoop(ctx)
 
-	c.joinRoom()
+	c.Send(fmt.Sprintf("/join %d", c.roomID))
 	log.Printf("✅ Successfully connected to Sneedchat room %d", c.roomID)
 	if c.OnConnect != nil {
 		c.OnConnect()
@@ -120,17 +168,11 @@ func (c *Client) Connect() error {
 	return nil
 }
 
-func (c *Client) joinRoom() bool {
-	sent := c.Send(fmt.Sprintf("/join %d", c.roomID))
-	if sent {
-		c.mu.Lock()
-		c.lastJoinAttempt = time.Now()
-		c.mu.Unlock()
-	}
-	return sent
+func (c *Client) joinRoom() {
+	c.Send(fmt.Sprintf("/join %d", c.roomID))
 }
 
-func (c *Client) readLoop() {
+func (c *Client) readLoop(ctx context.Context) {
 	defer c.wg.Done()
 	for {
 		select {
@@ -149,17 +191,50 @@ func (c *Client) readLoop() {
 		_, message, err := conn.ReadMessage()
 		if err != nil {
 			log.Printf("Sneedchat read error: %v", err)
-			c.handleDisconnect()
+			c.handleDisconnect(ctx)
 			return
 		}
+
+		raw := string(message)
+
+		// Server sends plaintext "cannot join" when session has expired.
+		if isCannotJoin(raw) {
+			log.Println("⚠️ 'cannot join' received — refreshing session and reconnecting...")
+			if rerr := c.session.Refresh(ctx); rerr != nil {
+				log.Printf("❌ Session refresh failed: %v", rerr)
+			}
+			c.handleDisconnect(ctx)
+			return
+		}
+
+		c.mu.Lock()
 		c.lastMessage = time.Now()
-		c.handleIncoming(string(message))
+		c.mu.Unlock()
+
+		if c.debug {
+			preview := raw
+			if len(preview) > 200 {
+				preview = preview[:200] + "..."
+			}
+			log.Printf("📨 WS recv: %s", preview)
+		}
+
+		c.handleIncoming(raw)
 	}
 }
 
+func isCannotJoin(msg string) bool {
+	return len(msg) > 0 && !isJSON(msg) && len(msg) >= 11 && msg == "cannot join"
+}
+
+func isJSON(s string) bool {
+	var js json.RawMessage
+	return json.Unmarshal([]byte(s), &js) == nil
+}
+
 func (c *Client) heartbeatLoop() {
 	defer c.wg.Done()
-	t := time.NewTicker(15 * time.Second)
+	t := time.NewTicker(30 * time.Second)
 	defer t.Stop()
 	for {
 		select {
@@ -168,46 +243,15 @@ func (c *Client) heartbeatLoop() {
 			connected := c.connected
 			conn := c.conn
 			c.mu.RUnlock()
-			if !connected || conn == nil {
-				continue
-			}
-
-			silence := time.Since(c.lastMessage)
-			if silence > PingIdleThreshold {
+			if connected && time.Since(c.lastMessage) > 60*time.Second && conn != nil {
 				_ = conn.WriteMessage(websocket.TextMessage, []byte("/ping"))
 			}
-			c.handleStaleState(silence)
 		case <-c.stopCh:
 			return
 		}
 	}
 }
 
-func (c *Client) handleStaleState(silence time.Duration) {
-	if silence < StaleRejoinThreshold {
-		return
-	}
-
-	if silence >= StaleReconnectThreshold {
-		log.Printf("⚠️ No Sneedchat messages for %s; recycling websocket", silence.Round(time.Second))
-		c.handleDisconnect()
-		return
-	}
-
-	c.mu.RLock()
-	lastJoin := c.lastJoinAttempt
-	c.mu.RUnlock()
-	if time.Since(lastJoin) < RejoinCooldown {
-		return
-	}
-
-	if c.joinRoom() {
-		log.Printf("⚠️ Sneedchat feed silent for %s, reasserted /join %d", silence.Round(time.Second), c.roomID)
-	} else {
-		log.Printf("⚠️ Sneedchat feed silent for %s but websocket not writable; waiting", silence.Round(time.Second))
-	}
-}
-
 func (c *Client) cleanupLoop() {
 	defer c.wg.Done()
 	t := time.NewTicker(MappingCleanupInterval)
@@ -237,17 +281,17 @@ func (c *Client) Send(s string) bool {
 		log.Printf("Sneedchat write error: %v", err)
 		return false
 	}
+	if c.debug {
+		preview := s
+		if len(preview) > 120 {
+			preview = preview[:120] + "..."
+		}
+		log.Printf("📤 WS sent: %s", preview)
+	}
 	return true
 }
 
-func (c *Client) handleDisconnect() {
-	c.mu.RLock()
-	alreadyDisconnected := !c.connected
-	c.mu.RUnlock()
-	if alreadyDisconnected {
-		return
-	}
-
+func (c *Client) handleDisconnect(ctx context.Context) {
 	select {
 	case <-c.stopCh:
 		return
@@ -267,7 +311,6 @@ func (c *Client) handleDisconnect() {
 		c.OnDisconnect()
 	}
 
-	// Reconnection loop with exponential backoff
 	delay := ReconnectInterval
 	maxDelay := 2 * time.Minute
 	attempt := 0
@@ -275,16 +318,14 @@ func (c *Client) handleDisconnect() {
 	for {
 		select {
 		case <-c.stopCh:
-			log.Println("Reconnection cancelled - bridge stopping")
+			log.Println("Reconnection cancelled — bridge stopping")
 			return
 		case <-time.After(delay):
 			attempt++
 			log.Printf("🔄 Reconnection attempt #%d...", attempt)
 
-			if err := c.Connect(); err != nil {
+			if err := c.Connect(ctx); err != nil {
 				log.Printf("⚠️ Reconnect attempt #%d failed: %v", attempt, err)
-
-				// Exponential backoff
 				delay *= 2
 				if delay > maxDelay {
 					delay = maxDelay
@@ -293,11 +334,7 @@ func (c *Client) handleDisconnect() {
 			}
 
 			log.Println("🟢 Reconnected successfully")
-
-			// Allow websocket to stabilize
 			time.Sleep(2 * time.Second)
-
-			// Re-join room
 			c.joinRoom()
 			c.Send("/ping")
 			log.Printf("📍 Rejoined Sneedchat room %d after reconnect", c.roomID)
@@ -320,27 +357,24 @@ func (c *Client) Disconnect() {
 func (c *Client) handleIncoming(raw string) {
 	var payload SneedPayload
 	if err := json.Unmarshal([]byte(raw), &payload); err != nil {
+		if c.debug {
+			log.Printf("⚠️ WS parse error: %v | raw: %.100s", err, raw)
+		}
 		return
 	}
 
-	if payload.Delete != nil {
-		var ids []int
-		switch v := payload.Delete.(type) {
-		case float64:
-			ids = []int{int(v)}
-		case []interface{}:
-			for _, x := range v {
-				if fid, ok := x.(float64); ok {
-					ids = append(ids, int(fid))
-				}
-			}
+	if c.debug {
+		log.Printf("📦 payload: msgs=%d msg=%v del=%v", len(payload.Messages), payload.Message != nil, payload.Delete != nil)
+	}
+
+	for _, uuid := range payload.Delete {
+		if uuid == "" {
+			continue
 		}
-		for _, id := range ids {
-			c.messageEditDates.Delete(id)
-			c.removeFromProcessed(id)
-			if c.OnDelete != nil {
-				c.OnDelete(id)
-			}
+		c.messageEditDates.Delete(uuid)
+		c.removeFromProcessed(uuid)
+		if c.OnDelete != nil {
+			c.OnDelete(uuid)
 		}
 	}
 
@@ -371,20 +405,21 @@ func (c *Client) processMessage(m SneedMessage) {
 	}
 	messageText = html.UnescapeString(messageText)
 
+	uuid := m.MessageUUID
 	editDate := m.MessageEditDate
 	deleted := m.Deleted || m.IsDeleted
 	if deleted {
-		c.messageEditDates.Delete(m.MessageID)
-		c.removeFromProcessed(m.MessageID)
+		c.messageEditDates.Delete(uuid)
+		c.removeFromProcessed(uuid)
 		if c.OnDelete != nil {
-			c.OnDelete(m.MessageID)
+			c.OnDelete(uuid)
 		}
 		return
 	}
 
 	if (c.bridgeUserID > 0 && userID == c.bridgeUserID) ||
 		(c.bridgeUsername != "" && username == c.bridgeUsername) {
-		if m.MessageID > 0 && c.recentOutboundIter != nil && c.mapDiscordSneed != nil {
+		if uuid != "" && c.recentOutboundIter != nil && c.mapDiscordSneed != nil {
 			now := time.Now()
 			for _, entry := range c.recentOutboundIter() {
 				if mapped, ok := entry["mapped"].(bool); ok && mapped {
@@ -394,7 +429,7 @@ func (c *Client) processMessage(m SneedMessage) {
 				if ts, ok := entry["ts"].(time.Time); ok {
 					if content == messageText && now.Sub(ts) <= OutboundMatchWindow {
 						if discordID, ok := entry["discord_id"].(int); ok {
-							c.mapDiscordSneed(discordID, m.MessageID, username)
+							c.mapDiscordSneed(uuid, discordID, username)
 							entry["mapped"] = true
 							break
 						}
@@ -402,72 +437,74 @@ func (c *Client) processMessage(m SneedMessage) {
 				}
 			}
 		}
-		c.addToProcessed(m.MessageID)
-		c.messageEditDates.Set(m.MessageID, editDate)
+		c.addToProcessed(uuid)
+		c.messageEditDates.Set(uuid, editDate)
 		return
 	}
 
-	if c.isProcessed(m.MessageID) {
-		if prev, exists := c.messageEditDates.Get(m.MessageID); exists {
+	if c.isProcessed(uuid) {
+		if prev, exists := c.messageEditDates.Get(uuid); exists {
 			if editDate > prev.(int) {
-				c.messageEditDates.Set(m.MessageID, editDate)
+				c.messageEditDates.Set(uuid, editDate)
 				if c.OnEdit != nil {
-					c.OnEdit(m.MessageID, messageText)
+					c.OnEdit(uuid, messageText)
 				}
 			}
 		}
 		return
 	}
 
-	c.addToProcessed(m.MessageID)
-	c.messageEditDates.Set(m.MessageID, editDate)
+	c.addToProcessed(uuid)
+	c.messageEditDates.Set(uuid, editDate)
 
 	if c.OnMessage != nil {
 		c.OnMessage(map[string]interface{}{
-			"username":   username,
-			"content":    messageText,
-			"message_id": m.MessageID,
-			"author_id":  userID,
-			"raw":        m,
+			"username":     username,
+			"content":      messageText,
+			"message_uuid": uuid,
+			"message_id":   m.MessageID,
+			"author_id":    userID,
+			"raw":          m,
 		})
 	}
 }
 
-func (c *Client) isProcessed(id int) bool {
+func (c *Client) isProcessed(uuid string) bool {
+	if uuid == "" {
+		return false
+	}
 	c.processedMu.Lock()
 	defer c.processedMu.Unlock()
-	for _, x := range c.processedMessageIDs {
-		if x == id {
+	for _, x := range c.processedUUIDs {
+		if x == uuid {
 			return true
 		}
 	}
 	return false
 }
 
-func (c *Client) addToProcessed(id int) {
+func (c *Client) addToProcessed(uuid string) {
+	if uuid == "" {
+		return
+	}
 	c.processedMu.Lock()
 	defer c.processedMu.Unlock()
-
-	c.processedMessageIDs = append(c.processedMessageIDs, id)
-
-	// Hard cap: keep only the most recent 1000 messages (FIFO)
-	if len(c.processedMessageIDs) > ProcessedCacheSize {
-		excess := len(c.processedMessageIDs) - ProcessedCacheSize
-		c.processedMessageIDs = c.processedMessageIDs[excess:]
-
-		// Log when significant eviction happens
-		if excess > 50 {
-			log.Printf("⚠️ Processed message cache full, evicted %d old entries", excess)
-		}
+	c.processedUUIDs = append(c.processedUUIDs, uuid)
+	if len(c.processedUUIDs) > ProcessedCacheSize {
+		excess := len(c.processedUUIDs) - ProcessedCacheSize
+		c.processedUUIDs = c.processedUUIDs[excess:]
 	}
 }
 
-func (c *Client) removeFromProcessed(id int) {
+func (c *Client) removeFromProcessed(uuid string) {
+	if uuid == "" {
+		return
+	}
 	c.processedMu.Lock()
 	defer c.processedMu.Unlock()
-	for i, x := range c.processedMessageIDs {
-		if x == id {
-			c.processedMessageIDs = append(c.processedMessageIDs[:i], c.processedMessageIDs[i+1:]...)
+	for i, x := range c.processedUUIDs {
+		if x == uuid {
+			c.processedUUIDs = append(c.processedUUIDs[:i], c.processedUUIDs[i+1:]...)
 			return
 		}
 	}
@@ -477,10 +514,16 @@ func (c *Client) SetOutboundIter(f func() []map[string]interface{}) {
 	c.recentOutboundIter = f
 }
 
-func (c *Client) SetMapDiscordSneed(f func(int, int, string)) {
+func (c *Client) SetMapDiscordSneed(f func(string, int, string)) {
 	c.mapDiscordSneed = f
 }
 
+func (c *Client) IsConnected() bool {
+	c.mu.RLock()
+	defer c.mu.RUnlock()
+	return c.connected
+}
+
 func ReplaceBridgeMention(content, bridgeUsername, pingID string) string {
 	if bridgeUsername == "" || pingID == "" {
 		return content
@@ -488,3 +531,6 @@ func ReplaceBridgeMention(content, bridgeUsername, pingID string) string {
 	pat := regexp.MustCompile(fmt.Sprintf(`(?i)@%s(?:\W|$)`, regexp.QuoteMeta(bridgeUsername)))
 	return pat.ReplaceAllString(content, fmt.Sprintf("<@%s>", pingID))
 }
+
+// Ensure socketTLSConfig is used (referenced in NewClient via session.Transport()).
+var _ = socketTLSConfig

sneed/types.go

@@ -2,8 +2,10 @@ package sneed
 
 type SneedMessage struct {
 	MessageID       int                    `json:"message_id"`
+	MessageUUID     string                 `json:"message_uuid"`
 	Message         string                 `json:"message"`
 	MessageRaw      string                 `json:"message_raw"`
+	MessageDate     int                    `json:"message_date"`
 	MessageEditDate int                    `json:"message_edit_date"`
 	Author          map[string]interface{} `json:"author"`
 	Deleted         bool                   `json:"deleted"`
@@ -13,5 +15,5 @@ type SneedMessage struct {
 type SneedPayload struct {
 	Messages []SneedMessage `json:"messages"`
 	Message  *SneedMessage  `json:"message"`
-	Delete   interface{}    `json:"delete"`
+	Delete   []string       `json:"delete"`
 }

utils/boundedmap.go

@@ -7,24 +7,24 @@ import (
 
 type BoundedMap struct {
 	mu         sync.RWMutex
-	data       map[int]interface{}
-	timestamps map[int]time.Time
+	data       map[string]interface{}
+	timestamps map[string]time.Time
 	maxSize    int
 	maxAge     time.Duration
-	keys       []int
+	keys       []string
 }
 
 func NewBoundedMap(maxSize int, maxAge time.Duration) *BoundedMap {
 	return &BoundedMap{
-		data:       make(map[int]interface{}),
-		timestamps: make(map[int]time.Time),
+		data:       make(map[string]interface{}),
+		timestamps: make(map[string]time.Time),
 		maxSize:    maxSize,
 		maxAge:     maxAge,
-		keys:       make([]int, 0, maxSize),
+		keys:       make([]string, 0, maxSize),
 	}
 }
 
-func (bm *BoundedMap) Set(key int, value interface{}) {
+func (bm *BoundedMap) Set(key string, value interface{}) {
 	bm.mu.Lock()
 	defer bm.mu.Unlock()
 	if _, ok := bm.data[key]; ok {
@@ -50,14 +50,14 @@ func (bm *BoundedMap) Set(key int, value interface{}) {
 	}
 }
 
-func (bm *BoundedMap) Get(key int) (interface{}, bool) {
+func (bm *BoundedMap) Get(key string) (interface{}, bool) {
 	bm.mu.RLock()
 	defer bm.mu.RUnlock()
 	v, ok := bm.data[key]
 	return v, ok
 }
 
-func (bm *BoundedMap) Delete(key int) {
+func (bm *BoundedMap) Delete(key string) {
 	bm.mu.Lock()
 	defer bm.mu.Unlock()
 	delete(bm.data, key)