@scrypted/server 0.1.15 → 0.1.16

package/src/plugin/plugin-remote-worker.ts

@@ -1,16 +1,22 @@
 import { DeviceManager, ScryptedNativeId, ScryptedStatic, SystemManager } from '@scrypted/types';
+import AdmZip from 'adm-zip';
 import { Console } from 'console';
+import fs from 'fs';
+import { Volume } from 'memfs';
 import net from 'net';
+import path from 'path';
 import { install as installSourceMapSupport } from 'source-map-support';
 import { PassThrough } from 'stream';
 import { RpcMessage, RpcPeer } from '../rpc';
 import { MediaManagerImpl } from './media';
-import { PluginAPI } from './plugin-api';
+import { PluginAPI, PluginRemoteLoadZipOptions } from './plugin-api';
 import { installOptionalDependencies } from './plugin-npm-dependencies';
-import { attachPluginRemote, PluginReader } from './plugin-remote';
+import { attachPluginRemote, PluginReader, setupPluginRemote } from './plugin-remote';
 import { createREPLServer } from './plugin-repl';
+import { NodeThreadWorker } from './runtime/node-thread-worker';
+const { link } = require('linkfs');
 
-export function startPluginRemote(pluginId: string, peerSend: (message: RpcMessage, reject?: (e: Error) => void) => void) {
+export function startPluginRemote(pluginId: string, peerSend: (message: RpcMessage, reject?: (e: Error) => void, serializationContext?: any) => void) {
     const peer = new RpcPeer('unknown', 'host', peerSend);
 
     let systemManager: SystemManager;
@@ -66,13 +72,18 @@ export function startPluginRemote(pluginId: string, peerSend: (message: RpcMessa
         return pluginsPromise;
     }
 
+    const deviceConsoles = new Map<string, Console>();
     const getDeviceConsole = (nativeId?: ScryptedNativeId) => {
         // the the plugin console is simply the default console
         // and gets read from stderr/stdout.
         if (!nativeId)
             return console;
 
-        return getConsole(async (stdout, stderr) => {
+        let ret = deviceConsoles.get(nativeId);
+        if (ret)
+            return ret;
+
+        ret = getConsole(async (stdout, stderr) => {
             const connect = async () => {
                 const plugins = await getPlugins();
                 const port = await plugins.getRemoteServicePort(peer.selfName, 'console-writer');
@@ -93,10 +104,25 @@ export function startPluginRemote(pluginId: string, peerSend: (message: RpcMessa
             };
             connect();
         }, undefined, undefined);
+
+        deviceConsoles.set(nativeId, ret);
+        return ret;
     }
 
+    const mixinConsoles = new Map<string, Map<string, Console>>();
+
     const getMixinConsole = (mixinId: string, nativeId: ScryptedNativeId) => {
-        return getConsole(async (stdout, stderr) => {
+        let nativeIdConsoles = mixinConsoles.get(nativeId);
+        if (!nativeIdConsoles) {
+            nativeIdConsoles = new Map();
+            mixinConsoles.set(nativeId, nativeIdConsoles);
+        }
+
+        let ret = nativeIdConsoles.get(mixinId);
+        if (ret)
+            return ret;
+
+        ret = getConsole(async (stdout, stderr) => {
             if (!mixinId) {
                 return;
             }
@@ -147,6 +173,9 @@ export function startPluginRemote(pluginId: string, peerSend: (message: RpcMessa
             }
             tryConnect();
         }, getDeviceConsole(nativeId), `[${systemManager.getDeviceById(mixinId)?.name}]`);
+
+        nativeIdConsoles.set(mixinId, ret);
+        return ret;
     }
 
     peer.getParam('updateStats').then((updateStats: (stats: any) => void) => {
@@ -183,10 +212,6 @@ export function startPluginRemote(pluginId: string, peerSend: (message: RpcMessa
             api = _api;
             peer.selfName = pluginId;
         },
-        onPluginReady: async (scrypted, params, plugin) => {
-            replPort = createREPLServer(scrypted, params, plugin);
-            postInstallSourceMapSupport(scrypted);
-        },
         getPluginConsole,
         getDeviceConsole,
         getMixinConsole,
@@ -198,7 +223,59 @@ export function startPluginRemote(pluginId: string, peerSend: (message: RpcMessa
             }
             throw new Error(`unknown service ${name}`);
         },
-        async onLoadZip(pluginReader: PluginReader, packageJson: any) {
+        async onLoadZip(scrypted: ScryptedStatic, params: any, packageJson: any, zipData: Buffer | string, zipOptions?: PluginRemoteLoadZipOptions) {
+            let volume: any;
+            let pluginReader: PluginReader;
+            if (zipOptions?.unzippedPath && fs.existsSync(zipOptions?.unzippedPath)) {
+                volume = link(fs, ['', path.join(zipOptions.unzippedPath, 'fs')]);
+                pluginReader = name => {
+                    const filename = path.join(zipOptions.unzippedPath, name);
+                    if (!fs.existsSync(filename))
+                        return;
+                    return fs.readFileSync(filename);
+                };
+            }
+            else {
+                const admZip = new AdmZip(zipData);
+                volume = new Volume();
+                for (const entry of admZip.getEntries()) {
+                    if (entry.isDirectory)
+                        continue;
+                    if (!entry.entryName.startsWith('fs/'))
+                        continue;
+                    const name = entry.entryName.substring('fs/'.length);
+                    volume.mkdirpSync(path.dirname(name));
+                    const data = entry.getData();
+                    volume.writeFileSync(name, data);
+                }
+
+                pluginReader = name => {
+                    const entry = admZip.getEntry(name);
+                    if (!entry)
+                        return;
+                    return entry.getData();
+                }
+            }
+            zipData = undefined;
+
+            const pluginConsole = getPluginConsole?.();
+            params.console = pluginConsole;
+            params.require = (name: string) => {
+                if (name === 'fakefs' || (name === 'fs' && !packageJson.scrypted.realfs)) {
+                    return volume;
+                }
+                if (name === 'realfs') {
+                    return require('fs');
+                }
+                const module = require(name);
+                return module;
+            };
+            const window: any = {};
+            const exports: any = window;
+            window.exports = exports;
+            params.window = window;
+            params.exports = exports;
+
             const entry = pluginReader('main.nodejs.js.map')
             const map = entry?.toString();
 
@@ -234,6 +311,57 @@ export function startPluginRemote(pluginId: string, peerSend: (message: RpcMessa
             };
 
             await installOptionalDependencies(getPluginConsole(), packageJson);
+
+            const main = pluginReader('main.nodejs.js');
+            pluginReader = undefined;
+            const script = main.toString();
+
+            scrypted.fork = async () => {
+                const ntw = new NodeThreadWorker(pluginId, {
+                    env: process.env,
+                    pluginDebug: undefined,
+                });
+                const threadPeer = new RpcPeer('main', 'thread', (message, reject) => ntw.send(message, reject));
+                threadPeer.params.updateStats = (stats: any) => {
+                    // todo: merge.
+                    // this.stats = stats;
+                }
+                ntw.setupRpcPeer(threadPeer);
+
+                const remote = await setupPluginRemote(threadPeer, api, pluginId, () => systemManager.getSystemState());
+                const forkOptions = Object.assign({}, zipOptions);
+                forkOptions.fork = true;
+                return remote.loadZip(packageJson, zipData, forkOptions)
+            }
+
+            try {
+                peer.evalLocal(script, zipOptions?.filename || '/plugin/main.nodejs.js', params);
+                pluginConsole?.log('plugin successfully loaded');
+
+                if (zipOptions?.fork) {
+                    const fork = exports.fork;
+                    const ret = await fork();
+                    ret[RpcPeer.PROPERTY_JSON_DISABLE_SERIALIZATION] = true;
+                    return ret;
+                }
+
+                let pluginInstance = exports.default;
+                // support exporting a plugin class, plugin main function,
+                // or a plugin instance
+                if (pluginInstance.toString().startsWith('class '))
+                    pluginInstance = new pluginInstance();
+                if (typeof pluginInstance === 'function')
+                    pluginInstance = await pluginInstance();
+
+                replPort = createREPLServer(scrypted, params, pluginInstance);
+                postInstallSourceMapSupport(scrypted);
+
+                return pluginInstance;
+            }
+            catch (e) {
+                pluginConsole?.error('plugin failed to start', e);
+                throw e;
+            }
         }
     }).then(scrypted => {
         systemManager = scrypted.systemManager;

package/src/plugin/plugin-remote.ts

@@ -1,15 +1,10 @@
-import AdmZip from 'adm-zip';
-import { Volume } from 'memfs';
-import path from 'path';
-import { ScryptedNativeId, DeviceManager, Logger, Device, DeviceManifest, DeviceState, EndpointManager, SystemDeviceState, ScryptedStatic, SystemManager, MediaManager, ScryptedMimeTypes, ScryptedInterface, ScryptedInterfaceProperty, HttpRequest } from '@scrypted/types'
-import { PluginAPI, PluginLogger, PluginRemote, PluginRemoteLoadZipOptions } from './plugin-api';
-import { SystemManagerImpl } from './system';
+import { Device, DeviceManager, DeviceManifest, DeviceState, EndpointManager, HttpRequest, Logger, MediaManager, ScryptedInterface, ScryptedInterfaceProperty, ScryptedMimeTypes, ScryptedNativeId, ScryptedStatic, SystemDeviceState, SystemManager } from '@scrypted/types';
 import { RpcPeer, RPCResultError } from '../rpc';
 import { BufferSerializer } from './buffer-serializer';
+import { PluginAPI, PluginLogger, PluginRemote, PluginRemoteLoadZipOptions } from './plugin-api';
 import { createWebSocketClass, WebSocketConnectCallbacks, WebSocketMethods } from './plugin-remote-websocket';
-import fs from 'fs';
 import { checkProperty } from './plugin-state-check';
-const { link } = require('linkfs');
+import { SystemManagerImpl } from './system';
 
 class DeviceLogger implements Logger {
     nativeId: ScryptedNativeId;
@@ -347,13 +342,12 @@ export interface PluginRemoteAttachOptions {
     getDeviceConsole?: (nativeId?: ScryptedNativeId) => Console;
     getPluginConsole?: () => Console;
     getMixinConsole?: (id: string, nativeId?: ScryptedNativeId) => Console;
-    onLoadZip?: (pluginReader: PluginReader, packageJson: any) => Promise<void>;
+    onLoadZip?: (scrypted: ScryptedStatic, params: any, packageJson: any, zipData: Buffer | string, zipOptions?: PluginRemoteLoadZipOptions) => Promise<any>;
     onGetRemote?: (api: PluginAPI, pluginId: string) => Promise<void>;
-    onPluginReady?: (scrypted: ScryptedStatic, params: any, plugin: any) => Promise<void>;
 }
 
 export function attachPluginRemote(peer: RpcPeer, options?: PluginRemoteAttachOptions): Promise<ScryptedStatic> {
-    const { createMediaManager, getServicePort, getDeviceConsole, getMixinConsole, getPluginConsole } = options || {};
+    const { createMediaManager, getServicePort, getDeviceConsole, getMixinConsole } = options || {};
 
     if (!peer.constructorSerializerMap.get(Buffer))
         peer.addSerializer(Buffer, 'Buffer', new BufferSerializer());
@@ -367,7 +361,11 @@ export function attachPluginRemote(peer: RpcPeer, options?: PluginRemoteAttachOp
         const systemManager = new SystemManagerImpl();
         const deviceManager = new DeviceManagerImpl(systemManager, getDeviceConsole, getMixinConsole);
         const endpointManager = new EndpointManagerImpl();
-        const mediaManager = await api.getMediaManager() || await createMediaManager(systemManager, deviceManager);
+        const hostMediaManager = await api.getMediaManager();
+        if (!hostMediaManager) {
+            peer.params['createMediaManager'] = async () => createMediaManager(systemManager, deviceManager);
+        }
+        const mediaManager = hostMediaManager || await createMediaManager(systemManager, deviceManager);
         peer.params['mediaManager'] = mediaManager;
         const ioSockets: { [id: string]: WebSocketConnectCallbacks } = {};
 
@@ -382,6 +380,7 @@ export function attachPluginRemote(peer: RpcPeer, options?: PluginRemoteAttachOp
             endpointManager,
             mediaManager,
             log,
+            pluginHostAPI: api,
         }
 
         delete peer.params.getRemote;
@@ -472,50 +471,6 @@ export function attachPluginRemote(peer: RpcPeer, options?: PluginRemoteAttachOp
             },
 
             async loadZip(packageJson: any, zipData: Buffer | string, zipOptions?: PluginRemoteLoadZipOptions) {
-                const pluginConsole = getPluginConsole?.();
-
-                let volume: any;
-                let pluginReader: PluginReader;
-                if (zipOptions?.unzippedPath && fs.existsSync(zipOptions?.unzippedPath)) {
-                    volume = link(fs, ['', path.join(zipOptions.unzippedPath, 'fs')]);
-                    pluginReader = name => {
-                        const filename = path.join(zipOptions.unzippedPath, name);
-                        if (!fs.existsSync(filename))
-                            return;
-                        return fs.readFileSync(filename);
-                    };
-                }
-                else {
-                    const admZip = new AdmZip(zipData);
-                    volume = new Volume();
-                    for (const entry of admZip.getEntries()) {
-                        if (entry.isDirectory)
-                            continue;
-                        if (!entry.entryName.startsWith('fs/'))
-                            continue;
-                        const name = entry.entryName.substring('fs/'.length);
-                        volume.mkdirpSync(path.dirname(name));
-                        const data = entry.getData();
-                        volume.writeFileSync(name, data);
-                    }
-
-                    pluginReader = name => {
-                        const entry = admZip.getEntry(name);
-                        if (!entry)
-                            return;
-                        return entry.getData();
-                    }
-                }
-                zipData = undefined;
-
-                await options?.onLoadZip?.(pluginReader, packageJson);
-                const main = pluginReader('main.nodejs.js');
-                pluginReader = undefined;
-                const script = main.toString();
-                const window: any = {};
-                const exports: any = window;
-                window.exports = exports;
-
 
                 function websocketConnect(url: string, protocols: any, callbacks: WebSocketConnectCallbacks) {
                     if (url.startsWith('io://') || url.startsWith('ws://')) {
@@ -535,18 +490,6 @@ export function attachPluginRemote(peer: RpcPeer, options?: PluginRemoteAttachOp
 
                 const params: any = {
                     __filename: undefined,
-                    exports,
-                    window,
-                    require: (name: string) => {
-                        if (name === 'fakefs' || (name === 'fs' && !packageJson.scrypted.realfs)) {
-                            return volume;
-                        }
-                        if (name === 'realfs') {
-                            return require('fs');
-                        }
-                        const module = require(name);
-                        return module;
-                    },
                     deviceManager,
                     systemManager,
                     mediaManager,
@@ -555,29 +498,12 @@ export function attachPluginRemote(peer: RpcPeer, options?: PluginRemoteAttachOp
                     localStorage,
                     pluginHostAPI: api,
                     WebSocket: createWebSocketClass(websocketConnect),
+                    pluginRuntimeAPI: ret,
                 };
 
-                params.console = pluginConsole;
+                params.pluginRuntimeAPI = ret;
 
-                try {
-                    peer.evalLocal(script, zipOptions?.filename || '/plugin/main.nodejs.js', params);
-                    pluginConsole?.log('plugin successfully loaded');
-
-                    let pluginInstance = exports.default;
-                    // support exporting a plugin class, plugin main function,
-                    // or a plugin instance
-                    if (pluginInstance.toString().startsWith('class '))
-                        pluginInstance = new pluginInstance();
-                    if (typeof pluginInstance === 'function')
-                        pluginInstance = await pluginInstance();
-
-                    await options?.onPluginReady?.(ret, params, pluginInstance);
-                    return pluginInstance;
-                }
-                catch (e) {
-                    pluginConsole?.error('plugin failed to start', e);
-                    throw e;
-                }
+                return options.onLoadZip(ret, params, packageJson, zipData, zipOptions);
             },
         }
 

package/src/plugin/runtime/node-fork-worker.ts

@@ -4,6 +4,8 @@ import path from 'path';
 import { RpcMessage, RpcPeer } from "../../rpc";
 import { ChildProcessWorker } from "./child-process-worker";
 import { getPluginNodePath } from "../plugin-npm-dependencies";
+import { SidebandSocketSerializer } from "../socket-serializer";
+import net from "net";
 
 export class NodeForkWorker extends ChildProcessWorker {
 
@@ -31,7 +33,12 @@ export class NodeForkWorker extends ChildProcessWorker {
 
     setupRpcPeer(peer: RpcPeer): void {
         this.worker.on('message', (message, sendHandle) => {
-            if (sendHandle) {
+            if ((message as any).type && sendHandle) {
+                peer.handleMessage(message as any, {
+                    sendHandle,
+                });
+            }
+            else if (sendHandle) {
                 this.emit('rpc', message, sendHandle);
             }
             else {
@@ -39,13 +46,14 @@ export class NodeForkWorker extends ChildProcessWorker {
             }
         });
         peer.transportSafeArgumentTypes.add(Buffer.name);
+        peer.addSerializer(net.Socket, net.Socket.name, new SidebandSocketSerializer());
     }
 
-    send(message: RpcMessage, reject?: (e: Error) => void): void {
+    send(message: RpcMessage, reject?: (e: Error) => void, serializationContext?: any): void {
         try {
             if (!this.worker)
                 throw new Error('worked has been killed');
-            this.worker.send(message, undefined, e => {
+            this.worker.send(message, serializationContext?.sendHandle, e => {
                 if (e && reject)
                     reject(e);
             });

package/src/plugin/runtime/runtime-worker.ts

@@ -23,7 +23,7 @@ export interface RuntimeWorker {
     on(event: 'exit', listener: (code: number | null, signal: NodeJS.Signals | null) => void): this;
     once(event: 'exit', listener: (code: number | null, signal: NodeJS.Signals | null) => void): this;
 
-    send(message: RpcMessage, reject?: (e: Error) => void): void;
+    send(message: RpcMessage, reject?: (e: Error) => void, serializationContext?: any): void;
 
     setupRpcPeer(peer: RpcPeer): void;
 }

package/src/plugin/socket-serializer.ts

@@ -0,0 +1,15 @@
+import { RpcSerializer } from "../rpc";
+
+export class SidebandSocketSerializer implements RpcSerializer {
+    serialize(value: any, serializationContext?: any) {
+        if (!serializationContext)
+            throw new Error('socket serialization context unavailable');
+        serializationContext.sendHandle = value;
+    }
+
+    deserialize(serialized: any, serializationContext?: any) {
+        if (!serializationContext)
+            throw new Error('socket deserialization context unavailable');
+        return serializationContext.sendHandle;
+    }
+}

package/src/rpc.ts

@@ -138,7 +138,7 @@ class RpcProxy implements PrimitiveProxyHandler<any> {
 
         if (this.proxyOneWayMethods?.includes?.(method)) {
             rpcApply.oneway = true;
-            this.peer.send(rpcApply);
+            this.peer.send(rpcApply, undefined, serializationContext);
             return Promise.resolve();
         }
 

package/src/runtime.ts

@@ -282,8 +282,11 @@ export class ScryptedRuntime extends PluginHttp<HttpPluginData> {
             this.shellio.handleRequest(req, res);
     }
 
-    async getEndpointPluginData(endpoint: string, isUpgrade: boolean, isEngineIOEndpoint: boolean): Promise<HttpPluginData> {
+    async getEndpointPluginData(req: Request, endpoint: string, isUpgrade: boolean, isEngineIOEndpoint: boolean): Promise<HttpPluginData> {
         const ret = await this.getPluginForEndpoint(endpoint);
+        if (req.url.indexOf('/engine.io/api') !== -1)
+            return ret;
+
         const { pluginDevice } = ret;
 
         // check if upgrade requests can be handled. must be websocket.

package/src/scrypted-plugin-main.ts

@@ -2,6 +2,8 @@ import { startPluginRemote } from "./plugin/plugin-remote-worker";
 import { RpcMessage } from "./rpc";
 import worker_threads from "worker_threads";
 import v8 from 'v8';
+import net from 'net';
+import { SidebandSocketSerializer } from "./plugin/socket-serializer";
 
 if (process.argv[2] === 'child-thread') {
     const peer = startPluginRemote(process.argv[3], (message, reject) => {
@@ -16,7 +18,7 @@ if (process.argv[2] === 'child-thread') {
     worker_threads.parentPort.on('message', message => peer.handleMessage(v8.deserialize(message)));
 }
 else {
-    const peer = startPluginRemote(process.argv[3], (message, reject) => process.send(message, undefined, {
+    const peer = startPluginRemote(process.argv[3], (message, reject, serializationContext) => process.send(message, serializationContext?.sendHandle, {
         swallowErrors: !reject,
     }, e => {
         if (e)
@@ -24,6 +26,7 @@ else {
     }));
 
     peer.transportSafeArgumentTypes.add(Buffer.name);
+    peer.addSerializer(net.Socket, net.Socket.name, new SidebandSocketSerializer());
     process.on('message', message => peer.handleMessage(message as RpcMessage));
     process.on('disconnect', () => {
         console.error('peer host disconnected, exiting.');

package/src/scrypted-server-main.ts

@@ -155,7 +155,30 @@ async function start() {
     // use a hash of the private key as the cookie secret.
     app.use(cookieParser(crypto.createHash('sha256').update(certSetting.value.serviceKey).digest().toString('hex')));
 
-    app.all('*', async (req, res, next) => {
+    // trap to add access control headers.
+    app.use((req, res, next) => {
+        if (!req.headers.upgrade)
+            scrypted.addAccessControlHeaders(req, res);
+        next();
+    })
+
+    app.options('*', (req, res) => {
+        // add more?
+        res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
+        res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization, Content-Length, X-Requested-With');
+        res.send(200);
+    });
+
+    const authSalt = crypto.randomBytes(16);
+    const createAuthorizationToken = (login_user_token: string) => {
+        const salted = login_user_token + authSalt;
+        const hash = crypto.createHash('sha256');
+        hash.update(salted);
+        const sha = hash.digest().toString('hex');
+        return `Bearer ${sha}#${login_user_token}`;
+    }
+
+    app.use(async (req, res, next) => {
         // this is a trap for all auth.
         // only basic auth will fail with 401. it is up to the endpoints to manage
         // lack of login from cookie auth.
@@ -165,10 +188,8 @@ async function start() {
             const userTokenParts = login_user_token.split('#');
             const username = userTokenParts[0];
             const timestamp = parseInt(userTokenParts[1]);
-            if (timestamp + 86400000 < Date.now()) {
-                console.warn('login expired');
+            if (timestamp + 86400000 < Date.now())
                 return next();
-            }
 
             // this database lookup on every web request is not necessary, the cookie
             // itself is the auth, and is signed. furthermore, this is currently
@@ -182,7 +203,27 @@ async function start() {
             // }
 
             res.locals.username = username;
-            (req as any).username = username;
+        }
+        else if (req.headers.authorization?.startsWith('Bearer ')) {
+            const splits = req.headers.authorization.substring('Bearer '.length).split('#');
+            const login_user_token = splits[1] + '#' + splits[2];
+            if (login_user_token) {
+                const check = splits[0];
+
+                const salted = login_user_token + authSalt;
+                const hash = crypto.createHash('sha256');
+                hash.update(salted);
+                const sha = hash.digest().toString('hex');
+
+                if (check === sha) {
+                    const splits2 = login_user_token.split('#');
+                    const username = splits2[0];
+                    const timestamp = parseInt(splits2[1]);
+                    if (timestamp + 86400000 < Date.now())
+                        return next();
+                    res.locals.username = username;
+                }
+            }
         }
         next();
     });
@@ -355,7 +396,7 @@ async function start() {
     });
 
     const getLoginUserToken = (reqSecure: boolean) => {
-        return reqSecure ? 'login_user_token' : 'login_user_token_inseucre';
+        return reqSecure ? 'login_user_token' : 'login_user_token_insecure';
     };
 
     const getSignedLoginUserToken = (req: Request<any>): string => {
@@ -370,15 +411,12 @@ async function start() {
     let hasLogin = await db.getCount(ScryptedUser) > 0;
 
     app.options('/login', (req, res) => {
-        scrypted.addAccessControlHeaders(req, res);
         res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
         res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization, Content-Length, X-Requested-With');
         res.send(200);
     });
 
     app.post('/login', async (req, res) => {
-        scrypted.addAccessControlHeaders(req, res);
-
         const { username, password, change_password } = req.body;
         const timestamp = Date.now();
         const maxAge = 86400000;
@@ -422,6 +460,7 @@ async function start() {
             }
 
             res.send({
+                authorization: createAuthorizationToken(login_user_token),
                 username,
                 expiration: maxAge,
                 addresses,
@@ -456,6 +495,7 @@ async function start() {
         });
 
         res.send({
+            authorization: createAuthorizationToken(login_user_token),
             username,
             token: user.token,
             expiration: maxAge,
@@ -463,6 +503,7 @@ async function start() {
         });
     });
 
+
     app.get('/login', async (req, res) => {
         scrypted.addAccessControlHeaders(req, res);
 
@@ -510,6 +551,7 @@ async function start() {
         }
 
         res.send({
+            authorization: createAuthorizationToken(login_user_token),
             expiration: 86400000 - (Date.now() - timestamp),
             username,
             addresses,