@apocaliss92/scrypted-reolink-native 0.5.40 → 0.5.42

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/.claude/agent-memory/baichuan-reolink-engineer/MEMORY.md +1 -0
  2. package/.claude/agent-memory/baichuan-reolink-engineer/reolink_cloud_endpoints.md +25 -0
  3. package/dist/main.nodejs.js +1 -1
  4. package/dist/plugin.zip +0 -0
  5. package/package.json +2 -2
package/.claude/agent-memory/baichuan-reolink-engineer/MEMORY.md CHANGED
@@ -2,3 +2,4 @@
2
2
 
3
3
  - [camstack Reolink probe-gated cap registration](camstack_probe_gated_cap_registration.md) — probe-gated native caps (PTZ/autotrack/doorbell/intercom) MUST be re-registered retroactively in `probeAndPersistFeatures`; constructor pass runs before the feature-probe slice is populated.
4
4
  - [Baichuan talk sequence + ADPCM framing](baichuan_talk_sequence.md) — canonical two-way-audio command order, block framing math, and fine-tuning knobs (shared by scrypted-reolink-native + camstack).
5
+ - [Reolink cloud endpoints](reolink_cloud_endpoints.md) — what `apis.reolink.com` v1.0 / v2 endpoints the desktop app uses, which need OAuth2 Bearer auth, and what `access-authorization` actually returns (delegated login, NOT relay hint).
package/.claude/agent-memory/baichuan-reolink-engineer/reolink_cloud_endpoints.md ADDED
@@ -0,0 +1,25 @@
1
+ ---
2
+ name: reolink-cloud-endpoints
3
+ description: Reolink desktop app cloud endpoints — what each is used for, who calls them, and which require account auth (relevant when implementing src/cloud/).
4
+ metadata:
5
+ type: project
6
+ ---
7
+
8
+ Reolink desktop app v8.17.8 (Electron, libBCSDKWrapper.dylib backend) uses two distinct cloud APIs against `apis.reolink.com`. Sourced from JS bundle `~node_modules_sharp_vendor_Sync_recursive_versions_json_~private_main_index_ts.js` (main process) and `libBCSDKWrapper.dylib` strings.
9
+
10
+ **Auth model**: OAuth2. Access token obtained via `POST https://apis.reolink.com/v1.0/oauth2/token/` (form-urlencoded; `client_id=process.env.VUE_APP_CLIENT_ID`, `grant_type` ∈ {`refresh_token`,`rotp`,…}). Stored as `settingsManager.accessToken`. Attached to subsequent calls as `Authorization: Bearer <token>`.
11
+
12
+ ## v1.0 endpoints (Bearer auth required)
13
+ - `GET /v1.0/devices/` — list of devices the account owns.
14
+ - `DELETE /v1.0/devices/<UID>/` (or `/devices/shares/<UID>/`) — unbind a device.
15
+ - `POST /v1.0/oauth2/authorization/` — grant a device-code (RSA-pad UID to 24 chars with `0`s; body `{responseType:"device_code", clientId:<padded UID>, options:{…}}`).
16
+ - `POST /v1.0/oauth2/token/` — login/refresh.
17
+ - `GET /v1.0/users/@me/profile/` — user profile.
18
+
19
+ ## v2 endpoints
20
+ - `GET /v2/devices/<UID>/server-binding?language=<lang>` — **NO AUTH HEADER**. Returns `{ availableZones: [ { id, name, locations, status, services: { p2p:{server}, cloud:{server}, roms_ota:{server}, alarm_push:{server} } }, … ] }`. Used by `GdprManager.getDeviceServerBinding`. The same default zone JSON is embedded as a fallback string in `libBCSDKWrapper.dylib` (8 zones: ids 1,2,3,6,7,8,9 + extras). Function: zone-allocation hint per UID — returns the SET of relays/clouds applicable, NOT a single "use this relay" answer.
21
+ - `GET /v2/devices/access-authorization/<UID>` — **Bearer auth required**. Format string `%s/v2/devices/access-authorization/` lives in libBCSDKWrapper.dylib next to `Bearer %s` and `Authorization`. Invoked from the C++ SDK after `BCSDK_SetAccountCenter(base_url, access_token, ca_path)`. Returns a JSON payload with `certChain`, `LoginUser{authType,authLogin,authSignature,authToken,authUser,scopes,privileges}`, `LoginNet{udpPort,…}`, and RSA crypto material (`pubKey`, `pubKeyAlgo`, `cipherKeySeed`, `tokenKey`, `cipherContent`). This is the **delegated-login** endpoint: it returns credentials the app can use to sign in to the camera as the Reolink-account owner WITHOUT typing the camera password. NOT a relay-hint endpoint.
22
+
23
+ ## Implications for `src/cloud/`
24
+ - **Relay-hint without account**: feasible via `server-binding` (no auth). But the response is the global zone list, not a single relay. You still need to pick the right zone — likely by examining `availableZones[*].status` (one entry has `"status":"active"` or `"default"`; e.g., zone 1 has `status:"default"`) OR by intersecting with where the user's UID is geographically registered. Without testing, assume the response is filtered per-UID server-side and pick `availableZones[0]` or the entry with `status:"active"` for that UID's region.
25
+ - **Delegated camera login** (`access-authorization`): requires a logged-in Reolink account whose access_token has the UID associated with it (via the user adding the device to the account). NOT feasible without user-supplied account credentials.