@homebridge-wyze-node24/homebridge-wyze-node24 1.0.4 → 1.1.1

package/README.md

@@ -26,7 +26,7 @@ After you have done that if you feel like my work has been valuable to you I wel
 For more information about our version updates, please check our [change log](CHANGELOG.md).
 
 ## Requirements
-- Node.js 18.20.4, 20.15.1, or 24.13.1
+- Node.js 24.13.1+
 - Homebridge 1.6.0+ (or 2.0.0 beta)
 
 ## Configuration
@@ -63,7 +63,7 @@ Supported devices will be discovered and added to Homebridge automatically.
 * **`apiKey`** – Navigate to [this portal](https://developer-api-console.wyze.com/)
 * **`keyId`** – Navigate to [this portal](https://developer-api-console.wyze.com/), and click Login to sign in to your Wyze account.
 Note: Ensure that the login info you are using matches the info you use when logLevel into the Wyze app.
-Once you’ve signed in, you’ll be automatically redirected back to the developer page.
+Once you've signed in, you'll be automatically redirected back to the developer page.
 Click Create an API key for your API key to be created.
 Once created, you can click view to see the entire key.
 You should receive an email that a new API key has been generated.
@@ -95,4 +95,4 @@ Special thanks to the following projects for reference and inspiration:
 
 Thanks to [misenhower](https://github.com/misenhower/homebridge-wyze-connected-home) for the original Wyze Homebridge plugin, and thanks to [contributors](https://github.com/misenhower/homebridge-wyze-connected-home/graphs/contributors) and [other developers who were not merged](https://github.com/misenhower/homebridge-wyze-connected-home/pulls) for volunteering their time to help fix bugs and add support for more devices and features.
 
-This plugin is an actively maintained fork of misenhower's original [Wyze Homebridge Plugin](https://github.com/misenhower/homebridge-wyze-connected-home) project.
+This plugin is an actively maintained fork of misenhower's original [Wyze Homebridge Plugin](https://github.com/misenhower/homebridge-wyze-connected-home) project.

package/config.schema.json

@@ -16,30 +16,43 @@
       },
       "username": {
         "title": "Username (E-Mail Address)",
-        "description": "The e-mail address used for your Wyze account",
+        "description": "The e-mail address used for your Wyze account. You can also set WYZE_USERNAME env var or use secretsFile.",
         "type": "string",
         "default": "",
         "required": true
       },
       "password": {
         "title": "Password",
-        "description": "The password used for your Wyze account",
+        "description": "The password used for your Wyze account. You can also set WYZE_PASSWORD env var or use secretsFile.",
         "type": "string",
+        "format": "password",
         "default": "",
         "required": true
       },
       "keyId": {
         "title": "Key ID",
-        "description": "API Key/ID available from the official Wyze Portal https://developer-api-console.wyze.com",
+        "description": "API Key/ID available from the official Wyze Portal https://developer-api-console.wyze.com. You can also set WYZE_KEY_ID env var or use secretsFile.",
         "type": "string",
+        "format": "password",
         "required": true
       },
       "apiKey": {
         "title": "API Key",
-        "description": "API Key/ID available from the official Wyze Portal https://developer-api-console.wyze.com/)",
+        "description": "API Key/ID available from the official Wyze Portal https://developer-api-console.wyze.com. You can also set WYZE_API_KEY env var or use secretsFile.",
         "type": "string",
+        "format": "password",
         "required": true
       },
+      "secretsFile": {
+        "title": "Secrets file path (optional)",
+        "description": "Path to a local JSON file containing secrets (e.g., username/password/apiKey/etc). File must be chmod 600 (owner-only) or the plugin will refuse to start.",
+        "type": "string",
+        "default": "",
+        "required": false,
+        "condition": {
+          "functionBody": "return model.showAdvancedOptions === true;"
+        }
+      },
       "refreshInterval": {
         "title": "Refresh Interval",
         "description": "Specify the number of milliseconds to wait between updates, default is 60000 ms (60 seconds)",
@@ -63,7 +76,7 @@
       },
       "apiLogEnabled": {
         "title": "Enable API logging",
-        "description": "",
+        "description": "WARNING: may log request/response details from upstream libraries. Keep OFF unless you understand the risk.",
         "type": "boolean",
         "default": false,
         "condition": {
@@ -79,6 +92,15 @@
           "functionBody": "return model.showAdvancedOptions === true;"
         }
       },
+      "dangerouslyAllowCustomBaseUrls": {
+        "title": "Dangerously allow custom API base URLs",
+        "description": "SECURITY WARNING: If enabled, the plugin will accept authBaseUrl/apiBaseUrl overrides. This can enable SSRF and credential exfiltration. Only enable if you know exactly what you're doing.",
+        "type": "boolean",
+        "default": false,
+        "condition": {
+          "functionBody": "return model.showAdvancedOptions === true;"
+        }
+      },
       "lowBatteryPercentage": {
         "title": "Low Battery Percentage",
         "description": "Specify the Percentage of battery when consider low, default is 30%",
@@ -204,4 +226,4 @@
   },
   "form": null,
   "display": null
-}
+}

package/package.json

@@ -1,8 +1,9 @@
 {
   "name": "@homebridge-wyze-node24/homebridge-wyze-node24",
-  "version": "1.0.4",
+  "version": "1.1.1",
   "description": "Wyze Smart Home plugin for Homebridge compatible with Node.JS 24",
   "license": "MIT",
+  "type": "commonjs",
   "main": "src/index.js",
   "scripts": {
     "lint": "eslint src/**.js --max-warnings=0"
@@ -22,8 +23,17 @@
   },
   "engines": {
     "homebridge": "^1.6.0 || ^2.0.0-beta.0",
-    "node": "^18.20.4 || ^20.15.1 || ^24.13.1"
+    "node": ">=24.13.1"
   },
+  "files": [
+    "src/**/*",
+    "config.schema.json",
+    "configSample.json",
+    "README.md",
+    "CHANGELOG.md",
+    "license.txt",
+    "logo.png"
+  ],
   "dependencies": {
     "aws-sdk": "2.1693.0",
     "axios": "^1.5.0",

package/src/WyzeSmartHome.js

@@ -3,6 +3,13 @@ const { OutdoorPlugModels, PlugModels, CommonModels, CameraModels, LeakSensorMod
   TemperatureHumidityModels, LockModels, MotionSensorModels, ContactSensorModels, LightModels,
   LightStripModels, MeshLightModels, ThermostatModels, S1GatewayModels } = require('./enums')
 
+const {
+  getValidatedBaseUrls,
+  resolveSecrets,
+  sanitizeDeviceName,
+  wrapLogger
+} = require('./security')
+
 const WyzeAPI = require('wyze-api') // Uncomment for Release
 //const WyzeAPI = require('./wyze-api/src') // Comment for Release
 const WyzePlug = require('./accessories/WyzePlug')
@@ -29,8 +36,8 @@ function delay(ms) {
 
 module.exports = class WyzeSmartHome {
   constructor(log, config, api) {
-    this.log = log
-    this.config = config
+    this.log = wrapLogger(log)
+    this.config = resolveSecrets(config || {}, this.log)
     this.api = api
     this.client = this.getClient()
 
@@ -44,6 +51,8 @@ module.exports = class WyzeSmartHome {
   }
 
   getClient() {
+    const { authBaseUrl, apiBaseUrl } = getValidatedBaseUrls(this.config, this.log)
+
     return new WyzeAPI({
       // User login parameters
       username: this.config.username,
@@ -57,9 +66,9 @@ module.exports = class WyzeSmartHome {
       lowBatteryPercentage: this.config.lowBatteryPercentage,
       //Storage Path
       persistPath: homebridge.user.persistPath(),
-      //URLs
-      authBaseUrl: this.config.authBaseUrl,
-      apiBaseUrl: this.config.apiBaseUrl,
+      //URLs (strictly validated)
+      authBaseUrl,
+      apiBaseUrl,
       // App emulation constants
       authApiKey: this.config.authApiKey,
       phoneId: this.config.phoneId,
@@ -83,14 +92,24 @@ module.exports = class WyzeSmartHome {
   }
 
   async runLoop() {
-    const interval = this.config.refreshInterval || DEFAULT_REFRESH_INTERVAL
+    const baseInterval = this.config.refreshInterval || DEFAULT_REFRESH_INTERVAL
+    let failures = 0
+
     // eslint-disable-next-line no-constant-condition
     while (true) {
       try {
         await this.refreshDevices()
-      } catch (e) { }
+        failures = 0
+      } catch (e) {
+        failures += 1
+        const message = e?.message || String(e)
+        this.log.error(`Refresh loop error: ${message}`)
+      }
 
-      await delay(interval)
+      // simple backoff to avoid noisy retry loops on auth/network failures
+      const backoffMultiplier = Math.min(6, failures) // caps at 64x
+      const delayMs = baseInterval * (failures === 0 ? 1 : Math.pow(2, backoffMultiplier))
+      await delay(delayMs)
     }
   }
 
@@ -102,10 +121,10 @@ module.exports = class WyzeSmartHome {
       const timestamp = objectList.ts
       const devices = objectList.data.device_list
 
-      if (this.config.pluginLoggingEnabled) this.log(`Found ${devices.length} device(s)`)
+      if (this.config.pluginLoggingEnabled) this.log(`Found ${devices.length} device(s)`) 
       await this.loadDevices(devices, timestamp)
     } catch (e) {
-      this.log.error(`Error getting devices: ${e}`)
+      this.log.error(`Error getting devices: ${e?.message || e}`)
       throw e
     }
   }
@@ -122,7 +141,7 @@ module.exports = class WyzeSmartHome {
 
     const removedAccessories = this.accessories.filter(a => !foundAccessories.includes(a))
     if (removedAccessories.length > 0) {
-      if (this.config.pluginLoggingEnabled) this.log(`Removing ${removedAccessories.length} device(s)`)
+      if (this.config.pluginLoggingEnabled) this.log(`Removing ${removedAccessories.length} device(s)`) 
       const removedHomeKitAccessories = removedAccessories.map(a => a.homeKitAccessory)
       this.api.unregisterPlatformAccessories(PLUGIN_NAME, PLATFORM_NAME, removedHomeKitAccessories)
     }
@@ -131,28 +150,30 @@ module.exports = class WyzeSmartHome {
   }
 
   async loadDevice(device, timestamp) {
-    const accessoryClass = this.getAccessoryClass(device.product_type, device.product_model, device.mac, device.nickname)
+    const safeNickname = sanitizeDeviceName(device.nickname)
+
+    const accessoryClass = this.getAccessoryClass(device.product_type, device.product_model, device.mac, safeNickname)
     if (!accessoryClass) {
-      if (this.config.pluginLoggingEnabled) this.log(`[${device.product_type}] Unsupported device type: (Name: ${device.nickname}) (MAC: ${device.mac}) (Model: ${device.product_model})`)
+      if (this.config.pluginLoggingEnabled) this.log(`[${device.product_type}] Unsupported device type: (Name: ${safeNickname}) (MAC: ${device.mac}) (Model: ${device.product_model})`)
       return
     }
     else if (this.config.filterByMacAddressList?.find(d => d === device.mac) || this.config.filterDeviceTypeList?.find(d => d === device.product_type)) {
-      if (this.config.pluginLoggingEnabled) this.log(`[${device.product_type}] Ignoring (${device.nickname}) (MAC: ${device.mac}) because it is in the Ignore Device list`)
+      if (this.config.pluginLoggingEnabled) this.log(`[${device.product_type}] Ignoring (${safeNickname}) (MAC: ${device.mac}) because it is in the Ignore Device list`)
       return
     }
     else if (device.product_type == 'S1Gateway' && this.config.hms == false) {
-      if (this.config.pluginLoggingEnabled) this.log(`[${device.product_type}] Ignoring (${device.nickname}) (MAC: ${device.mac}) because it is not enabled`)
+      if (this.config.pluginLoggingEnabled) this.log(`[${device.product_type}] Ignoring (${safeNickname}) (MAC: ${device.mac}) because it is not enabled`)
       return
     }
 
 
     let accessory = this.accessories.find(a => a.matches(device))
     if (!accessory) {
-      const homeKitAccessory = this.createHomeKitAccessory(device)
+      const homeKitAccessory = this.createHomeKitAccessory(device, safeNickname)
       accessory = new accessoryClass(this, homeKitAccessory)
       this.accessories.push(accessory)
     } else {
-      if (this.config.pluginLoggingEnabled) this.log(`[${device.product_type}] Loading accessory from cache ${device.nickname} (MAC: ${device.mac})`)
+      if (this.config.pluginLoggingEnabled) this.log(`[${device.product_type}] Loading accessory from cache ${safeNickname} (MAC: ${device.mac})`)
     }
     accessory.update(device, timestamp)
 
@@ -192,16 +213,16 @@ module.exports = class WyzeSmartHome {
     }
   }
 
-  createHomeKitAccessory(device) {
+  createHomeKitAccessory(device, safeNickname) {
     const uuid = UUIDGen.generate(device.mac)
 
-    const homeKitAccessory = new Accessory(device.nickname, uuid)
+    const homeKitAccessory = new Accessory(safeNickname, uuid)
 
     homeKitAccessory.context = {
       mac: device.mac,
       product_type: device.product_type,
       product_model: device.product_model,
-      nickname: device.nickname
+      nickname: safeNickname
     }
 
     this.api.registerPlatformAccessories(PLUGIN_NAME, PLATFORM_NAME, [homeKitAccessory])
@@ -224,7 +245,8 @@ module.exports = class WyzeSmartHome {
       try {
         this.api.unregisterPlatformAccessories(PLUGIN_NAME, PLATFORM_NAME, [homeKitAccessory])
       } catch (error) {
-        this.log.error(`Error removing accessory ${homeKitAccessory.context.nickname} (MAC: ${homeKitAccessory.context.mac}) : ${error}`)
+        const safeName = sanitizeDeviceName(homeKitAccessory.context.nickname)
+        this.log.error(`Error removing accessory ${safeName} (MAC: ${homeKitAccessory.context.mac}) : ${error?.message || error}`)
       }
     }
   }

package/src/accessories/WyzeAccessory.js

@@ -1,4 +1,5 @@
 const { Service, Characteristic } = require("../types");
+const { sanitizeDeviceName } = require("../security");
 
 // Responses from the Wyze API can lag a little after a new value is set
 const UPDATE_THROTTLE_MS = 1000;
@@ -33,6 +34,7 @@ module.exports = class WyzeAccessory {
 
   async update(device, timestamp) {
     const productType = device.product_type;
+    const safeNickname = sanitizeDeviceName(device.nickname);
 
     switch (productType) {
       default:
@@ -40,14 +42,14 @@ module.exports = class WyzeAccessory {
           mac: device.mac,
           product_type: device.product_type,
           product_model: device.product_model,
-          nickname: device.nickname,
+          nickname: safeNickname,
         };
         break;
     }
 
     this.homeKitAccessory
       .getService(Service.AccessoryInformation)
-      .updateCharacteristic(Characteristic.Name, device.nickname)
+      .updateCharacteristic(Characteristic.Name, safeNickname)
       .updateCharacteristic(Characteristic.Manufacturer, "Wyze")
       .updateCharacteristic(Characteristic.Model, device.product_model)
       .updateCharacteristic(Characteristic.SerialNumber, device.mac)
@@ -82,4 +84,4 @@ module.exports = class WyzeAccessory {
   sleep(ms) {
     return new Promise((resolve) => setTimeout(resolve, ms * 1000));
   }
-};
+};

package/src/accessories/WyzeMeshLight.js

@@ -81,7 +81,12 @@ module.exports = class WyzeMeshLight extends WyzeAccessory {
     ) {
       return true;
     } else {
-      this.plugin.log(`Encountered invalid property value: ${JSON.stringify(property, null, 2)}`);
+      // Avoid logging raw API objects; they can contain device IDs / other sensitive fields.
+      if (this.plugin.config.pluginLoggingEnabled) {
+        this.plugin.log(
+          `Encountered invalid property value (pid=${property?.pid}, value=${String(property?.value)})`
+        );
+      }
       return false;
     }
   }
@@ -288,4 +293,4 @@ module.exports = class WyzeMeshLight extends WyzeAccessory {
       }
     }
   }
-};
+};

package/src/security.js

@@ -0,0 +1,255 @@
+const fs = require('fs')
+const net = require('net')
+
+const DEFAULT_AUTH_BASE_URL = 'https://auth-prod.api.wyze.com'
+const DEFAULT_API_BASE_URL = 'https://api.wyzecam.com'
+
+const WYZE_ALLOWED_HOSTNAMES = new Set([
+  new URL(DEFAULT_AUTH_BASE_URL).hostname,
+  new URL(DEFAULT_API_BASE_URL).hostname
+])
+
+const SECRET_KEYS = [
+  'username',
+  'password',
+  'mfaCode',
+  'keyId',
+  'apiKey',
+  'authApiKey',
+  'phoneId',
+  'appName',
+  'appVer',
+  'appVersion',
+  'userAgent',
+  'sc',
+  'sv',
+  'fordAppKey',
+  'fordAppSecret',
+  'oliveSigningSecret',
+  'oliveAppId',
+  'appInfo'
+]
+
+const ENV_MAP = {
+  username: 'WYZE_USERNAME',
+  password: 'WYZE_PASSWORD',
+  mfaCode: 'WYZE_MFA_CODE',
+  keyId: 'WYZE_KEY_ID',
+  apiKey: 'WYZE_API_KEY',
+  authApiKey: 'WYZE_AUTH_API_KEY',
+  phoneId: 'WYZE_PHONE_ID',
+  appName: 'WYZE_APP_NAME',
+  appVer: 'WYZE_APP_VER',
+  appVersion: 'WYZE_APP_VERSION',
+  userAgent: 'WYZE_USER_AGENT',
+  sc: 'WYZE_SC',
+  sv: 'WYZE_SV',
+  fordAppKey: 'WYZE_FORD_APP_KEY',
+  fordAppSecret: 'WYZE_FORD_APP_SECRET',
+  oliveSigningSecret: 'WYZE_OLIVE_SIGNING_SECRET',
+  oliveAppId: 'WYZE_OLIVE_APP_ID',
+  appInfo: 'WYZE_APP_INFO'
+}
+
+function stripControlChars(input) {
+  return String(input)
+    .replace(/[\r\n\t]+/g, ' ')
+    .replace(/[\u0000-\u001F\u007F]/g, '')
+}
+
+function boundLength(input, maxLen) {
+  const s = String(input)
+  if (s.length <= maxLen) return s
+  return s.slice(0, maxLen) + '…'
+}
+
+function redactMacs(str) {
+  return str.replace(/\b([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}\b/g, (mac) => {
+    const parts = mac.split(':')
+    return 'xx:xx:xx:xx:xx:' + parts[5]
+  })
+}
+
+function redactBearerTokens(str) {
+  return str.replace(/\bBearer\s+[-._~+/0-9a-zA-Z]+=*\b/g, 'Bearer [REDACTED]')
+}
+
+function redactKeyValueSecrets(str) {
+  const keys = [
+    'password',
+    'apiKey',
+    'keyId',
+    'access_token',
+    'refresh_token',
+    'accessToken',
+    'refreshToken',
+    'authorization',
+    'fordAppSecret',
+    'fordAppKey',
+    'oliveSigningSecret',
+    'oliveAppId',
+    'authApiKey'
+  ]
+
+  const keyGroup = keys.map(k => k.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')).join('|')
+
+  // Covers JSON-ish and plain logs like `password: ...` or `"password":"..."`
+  const re = new RegExp(`(\\b(?:${keyGroup})\\b"?\\s*[:=]\\s*)("?)([^"\\s,}]+)("?)`, 'gi')
+  return str.replace(re, (_m, prefix) => `${prefix}[REDACTED]`)
+}
+
+function sanitizeLogMessage(input) {
+  let s = stripControlChars(input)
+  s = redactBearerTokens(s)
+  s = redactKeyValueSecrets(s)
+  s = redactMacs(s)
+  return boundLength(s, 2000)
+}
+
+function sanitizeDeviceName(name) {
+  return boundLength(stripControlChars(name).trim(), 64) || 'Wyze Device'
+}
+
+function wrapLogger(log) {
+  const baseFn = typeof log === 'function' ? log : (...args) => log.info(...args)
+
+  const wrapped = (...args) => baseFn(...args.map(sanitizeLogMessage))
+
+  for (const level of ['error', 'warn', 'info', 'debug']) {
+    const underlying = log?.[level]
+    if (typeof underlying === 'function') {
+      wrapped[level] = (...args) => underlying(...args.map(sanitizeLogMessage))
+    }
+  }
+
+  return wrapped
+}
+
+function loadSecretsFromFile(secretsFile, log) {
+  const stat = fs.statSync(secretsFile)
+  // Must not be readable/writable by group/others
+  if ((stat.mode & 0o077) !== 0) {
+    throw new Error(
+      `Secrets file permissions too open: ${secretsFile}. ` +
+        'Set mode to 600 (owner read/write only).'
+    )
+  }
+
+  const raw = fs.readFileSync(secretsFile, 'utf8')
+  const parsed = JSON.parse(raw)
+  return parsed && typeof parsed === 'object' ? parsed : {}
+}
+
+function resolveSecrets(config, log) {
+  const merged = { ...config }
+
+  if (config?.secretsFile) {
+    try {
+      const fromFile = loadSecretsFromFile(config.secretsFile, log)
+      for (const k of SECRET_KEYS) {
+        if (fromFile[k] != null && fromFile[k] !== '') merged[k] = fromFile[k]
+      }
+      log('Loaded secrets from secretsFile')
+    } catch (e) {
+      // Refuse to start: this prevents accidentally using a world-readable secrets file.
+      log.error(`Failed to load secretsFile: ${e?.message || e}`)
+      throw e
+    }
+  }
+
+  for (const [key, envName] of Object.entries(ENV_MAP)) {
+    const v = process.env[envName]
+    if (v == null || v === '') continue
+
+    if (key === 'appInfo') {
+      try {
+        merged.appInfo = JSON.parse(v)
+      } catch {
+        merged.appInfo = v
+      }
+      continue
+    }
+
+    merged[key] = v
+  }
+
+  return merged
+}
+
+function isIpLiteral(hostname) {
+  return net.isIP(hostname) !== 0
+}
+
+function isClearlyLocalHostname(hostname) {
+  const lower = String(hostname).toLowerCase()
+  return (
+    lower === 'localhost' ||
+    lower.endsWith('.localhost') ||
+    lower.endsWith('.local')
+  )
+}
+
+function validateBaseUrl(urlString) {
+  const u = new URL(urlString)
+  if (u.protocol !== 'https:') {
+    throw new Error(`Base URL must use https: ${urlString}`)
+  }
+  if (isIpLiteral(u.hostname)) {
+    throw new Error(`IP literals are not allowed in base URLs: ${urlString}`)
+  }
+  if (isClearlyLocalHostname(u.hostname)) {
+    throw new Error(`Local hostnames are not allowed in base URLs: ${urlString}`)
+  }
+  return u
+}
+
+function getValidatedBaseUrls(config, log) {
+  const hasCustom = Boolean(config?.authBaseUrl || config?.apiBaseUrl)
+  const allowCustom = Boolean(config?.dangerouslyAllowCustomBaseUrls)
+
+  if (hasCustom && !allowCustom) {
+    log.error(
+      'Custom authBaseUrl/apiBaseUrl are ignored for security. ' +
+        'If you understand the risks and still want this, set dangerouslyAllowCustomBaseUrls=true.'
+    )
+    return {
+      authBaseUrl: DEFAULT_AUTH_BASE_URL,
+      apiBaseUrl: DEFAULT_API_BASE_URL
+    }
+  }
+
+  if (!hasCustom) {
+    return {
+      authBaseUrl: DEFAULT_AUTH_BASE_URL,
+      apiBaseUrl: DEFAULT_API_BASE_URL
+    }
+  }
+
+  // Custom base URLs only when explicitly opted-in.
+  const authUrl = config.authBaseUrl ? validateBaseUrl(config.authBaseUrl) : new URL(DEFAULT_AUTH_BASE_URL)
+  const apiUrl = config.apiBaseUrl ? validateBaseUrl(config.apiBaseUrl) : new URL(DEFAULT_API_BASE_URL)
+
+  // Even when opted-in, refuse non-Wyze hosts by default.
+  // This keeps the escape-hatch useful for path tweaks, but blocks credential exfiltration/SSRF.
+  if (!WYZE_ALLOWED_HOSTNAMES.has(authUrl.hostname) || !WYZE_ALLOWED_HOSTNAMES.has(apiUrl.hostname)) {
+    throw new Error(
+      `Custom base URL hostnames must be one of: ${Array.from(WYZE_ALLOWED_HOSTNAMES).join(', ')}. ` +
+        'Refusing to start.'
+    )
+  }
+
+  return {
+    authBaseUrl: authUrl.toString().replace(/\/+$/, ''),
+    apiBaseUrl: apiUrl.toString().replace(/\/+$/, '')
+  }
+}
+
+module.exports = {
+  DEFAULT_AUTH_BASE_URL,
+  DEFAULT_API_BASE_URL,
+  sanitizeLogMessage,
+  sanitizeDeviceName,
+  wrapLogger,
+  resolveSecrets,
+  getValidatedBaseUrls
+}

package/.gitattributes

@@ -1,2 +0,0 @@
-# Auto detect text files and perform LF normalization
-* text=auto

package/.github/ISSUE_TEMPLATE/bug-report.md

@@ -1,44 +0,0 @@
----
-name: Bug Report
-about: Create a report to help us improve
-title: ''
-labels: bug, question
-assignees: ''
-
----
-
-<!-- You must use the issue template below when submitting a bug -->
-
-**Describe The Bug:**
-<!-- A clear and concise description of what the bug is. -->
-
-**To Reproduce:**
-<!-- Steps to reproduce the behavior. -->
-
-**Expected behavior:**
-<!-- A clear and concise description of what you expected to happen. -->
-
-**Logs:**
-
-```
-Show the Homebridge logs here, remove any sensitive information.
-```
-
-**Plugin Config:**
-
-```json
-Show your Homebridge config.json here, remove any sensitive information.
-```
-
-**Screenshots:**
-<!-- If applicable, add screenshots to help explain your problem. -->
-
-**Environment:**
-
-* **Plugin Version**:
-* **Homebridge Version**: <!-- homebridge -V -->
-* **Node.js Version**: <!-- node -v -->
-* **NPM Version**: <!-- npm -v -->
-* **Operating System**: <!-- Raspbian / Ubuntu / Debian / Windows / macOS / Docker / hb-service -->
-
-<!-- Click the "Preview" tab before you submit to ensure the formatting is correct. -->

package/.github/ISSUE_TEMPLATE/config.yml

@@ -1,5 +0,0 @@
-# blank_issues_enabled: false
-# contact_links:
-#   - name: Homebridge Discord Community
-#     url: https://discord.gg/kqNCe2D
-#     about: Ask your questions in the #YOUR_CHANNEL_HERE channel

package/.github/ISSUE_TEMPLATE/feature-request.md

@@ -1,23 +0,0 @@
----
-name: Feature Request
-about: Suggest an idea for this project
-title: ''
-labels: enhancement
-assignees: ''
-
----
-
-**Is your feature request related to a problem? Please describe:**
-<!-- A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] -->
-
-**Describe the solution you'd like:**
-<!-- A clear and concise description of what you want to happen. -->
-
-**Describe alternatives you've considered:**
-<!-- A clear and concise description of any alternative solutions or features you've considered. -->
-
-**Additional context:**
-<!-- Add any other context or screenshots about the feature request here. -->
-
-
-<!-- Click the "Preview" tab before you submit to ensure the formatting is correct. -->

package/.github/ISSUE_TEMPLATE/support-request.md

@@ -1,38 +0,0 @@
----
-name: Support Request
-about: Need help?
-title: ''
-labels: question
-assignees: ''
-
----
-
-<!-- You must use the issue template below when submitting a support request -->
-
-**Describe Your Problem:**
-<!-- A clear and concise description of what problem you are trying to solve. -->
-
-**Logs:**
-
-```
-Show the Homebridge logs here, remove any sensitive information.
-```
-
-**Plugin Config:**
-
-```json
-Show your Homebridge config.json here, remove any sensitive information.
-```
-
-**Screenshots:**
-<!-- If applicable, add screenshots to help explain your problem. -->
-
-**Environment:**
-
-* **Plugin Version**:
-* **Homebridge Version**: <!-- homebridge -V -->
-* **Node.js Version**: <!-- node -v -->
-* **NPM Version**: <!-- npm -v -->
-* **Operating System**: <!-- Raspbian / Ubuntu / Debian / Windows / macOS / Docker / hb-service -->
-
-<!-- Click the "Preview" tab before you submit to ensure the formatting is correct. -->

package/.github/dependabot.yml

@@ -1,12 +0,0 @@
-version: 2
-updates:
-  - package-ecosystem: "npm"
-    directory: "/"
-    schedule:
-      interval: "weekly"
-    open-pull-requests-limit: 5
-    rebase-strategy: "auto"
-    commit-message:
-      prefix: "deps"
-    labels:
-      - "dependencies"

package/.github/workflows/codeql.yml

@@ -1,72 +0,0 @@
-# For most projects, this workflow file will not need changing; you simply need
-# to commit it to your repository.
-#
-# You may wish to alter this file to override the set of languages analyzed,
-# or to provide custom queries or build logic.
-#
-# ******** NOTE ********
-# We have attempted to detect the languages in your repository. Please check
-# the `language` matrix defined below to confirm you have the correct set of
-# supported CodeQL languages.
-#
-name: "CodeQL"
-
-on:
-  push:
-    branches: [ "main" ]
-  pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [ "main" ]
-  schedule:
-    - cron: '36 13 * * 1'
-
-jobs:
-  analyze:
-    name: Analyze
-    runs-on: ubuntu-latest
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
-
-    strategy:
-      fail-fast: false
-      matrix:
-        language: [ 'Typescript' ]
-        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
-        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
-
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v4
-
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v4
-      with:
-        languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-        
-        # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
-        # queries: security-extended,security-and-quality
-
-        
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v4
-
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
-
-    #   If the Autobuild fails above, remove it and uncomment the following three lines. 
-    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
-
-    # - run: |
-    #   echo "Run, Build Application using script"
-    #   ./location_of_script_within_repo/buildscript.sh
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v4

package/.github/workflows/greetings.yml

@@ -1,16 +0,0 @@
-name: Greetings
-
-on: [pull_request_target, issues]
-
-jobs:
-  greeting:
-    runs-on: ubuntu-latest
-    permissions:
-      issues: write
-      pull-requests: write
-    steps:
-    - uses: actions/first-interaction@v1
-      with:
-        repo-token: ${{ secrets.GITHUB_TOKEN }}
-        issue-message: "Message that will be displayed on users' first issue"
-        pr-message: "Message that will be displayed on users' first pull request"

package/.github/workflows/publish.yml

@@ -1,30 +0,0 @@
-name: Publish to npm
-
-on:
-  push:
-    tags:
-      - "v*"
-
-jobs:
-  publish:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      id-token: write   # only needed if you use --provenance
-
-    steps:
-      - uses: actions/checkout@v4
-
-      - uses: actions/setup-node@v4
-        with:
-          node-version: 20
-          registry-url: "https://registry.npmjs.org"
-
-      - run: npm install
-
-      - run: npm run build --if-present
-
-      - name: Publish
-        run: npm publish --access public --provenance
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

package/.gitmodules

@@ -1,4 +0,0 @@
-[submodule "src/wyze-api"]
-	path = src/wyze-api
-	url = https://github.com/jfarmer08/wyze-api
-	branch = main

package/eslint.config.js

@@ -1,34 +0,0 @@
-const eslint = require('@eslint/js')
-
-module.exports = [
-  {
-    ignores: ['dist/**'],
-  },
-  {
-    files: ['src/**/*.js'],
-    ...eslint.configs.recommended,
-    languageOptions: {
-      ecmaVersion: 2022,
-      sourceType: 'commonjs',
-      globals: {
-        module: 'readonly',
-        require: 'readonly',
-        __dirname: 'readonly',
-        process: 'readonly',
-        Buffer: 'readonly',
-        setTimeout: 'readonly',
-        clearTimeout: 'readonly',
-      },
-    },
-    rules: {
-      ...eslint.configs.recommended.rules,
-      'no-console': 'off',
-      'no-empty': ['error', { allowEmptyCatch: true }],
-      curly: 'off',
-      'brace-style': 'off',
-      eqeqeq: 'off',
-      'max-len': 'off',
-      'no-fallthrough': 'off',
-    },
-  },
-]