homebridge-interqr 1.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Or Evron
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,76 @@
+<p align="center">
+  <img src="https://raw.githubusercontent.com/orevron/ha-interqr/main/logo.png" alt="InterQR Logo" width="180" />
+</p>
+
+# homebridge-interqr
+
+<p align="center">
+  <a href="https://github.com/orevron/homebridge-interqr/releases"><img alt="Release" src="https://img.shields.io/github/v/release/orevron/homebridge-interqr?style=flat-square" /></a>
+  <a href="https://github.com/homebridge/homebridge"><img alt="Homebridge Compatible" src="https://img.shields.io/badge/homebridge-compatible-4db8ea.svg?style=flat-square" /></a>
+  <a href="https://github.com/orevron/homebridge-interqr/blob/main/LICENSE"><img alt="License" src="https://img.shields.io/github/license/orevron/homebridge-interqr?style=flat-square" /></a>
+</p>
+
+<p align="center">Control your InterQR smart locks directly from Homebridge.</p>
+
+## Description
+
+**InterQR** is a QR-code-based building access and smart lock system commonly used in residential and office buildings. The `homebridge-interqr` plugin allows you to integrate your InterQR locks seamlessly into your Apple Home ecosystem.
+
+You can easily add your locks using the same phone number and SMS verification code used in the InterQR mobile app. Once authenticated, your authorized locks automatically populate as physical Lock mechanisms within Homebridge and Apple Home.
+
+## Features
+
+- **Unlock InterQR Locks:** Open connected building or office doors with a tap from the Home app or via Siri.
+- **Auto-Relock State Tracking:** InterQR systems are typically "unlock-only" access controls (the physical door locks automatically). To ensure consistency, Homebridge will automatically revert the device state back to "locked" 5 seconds after an unlock command is issued.
+- **Seamless Authentication:** Log in securely via the Homebridge UI settings using your mobile number and SMS 2FA code. The plugin securely manages session tokens in the background and attempts automatic silent re-authentication.
+- **Multi-Lock Support:** Automatically discovers and creates accessory entities for all locks assigned to your InterQR account.
+
+## Supported Devices
+
+- InterQR Smart Locks (including Palgate-compatible locks managed via InterQR)
+
+## Installation & Setup
+
+1. Install the plugin using `npm`:
+   ```sh
+   npm install -g homebridge-interqr
+   ```
+   Or install it directly via the Homebridge Config UI X (search for `homebridge-interqr`).
+   
+2. Navigate to the Plugins tab in your Homebridge Config UI X.
+
+3. Open the **Settings** for `homebridge-interqr`.
+
+4. Use the custom configuration interface to:
+   - Enter your phone number (with the country code, e.g., `+1234567890`)
+   - Click "Send SMS Code"
+   - Enter the 4-8 digit SMS verification code received
+   - Click "Verify Code"
+
+5. Restart Homebridge. Your connected locks will be discovered and added to Apple Home automatically.
+
+## Usage
+
+Once installed and configured, your InterQR lock(s) will appear as standard Lock accessories in Homebridge and Apple Home, displaying a Locked/Unlocked status.
+
+### Behaviours
+
+- **Unlocking:** Toggling the lock to "Unlocked" will trigger the physical unlock command via the InterQR cloud API. 
+- **Auto Re-Locking:** As the physical InterQR locks are unlock-only, the Apple Home accessory status will briefly show "Unlocked" and wait 5 seconds before reverting to "Locked" to reflect the actual state of the entrance door.
+- **Actioning "Lock":** Manually toggling the lock to "Locked" does not send a command but correctly establishes the consistent state in HomeKit.
+
+## Error Handling & Re-authentication
+
+If a session token naturally expires, the plugin will log an error and attempt to silently refresh the token via the background API. If your token was significantly revoked, you may see an `Authentication failed` log. In this case, simply revisit the Homebridge UI Plugin Settings, walk through the SMS login workflow again, and restart the service.
+
+## Security
+
+This plugin:
+- Employs secure SMS-based 2FA.
+- Communicates directly with the official InterQR Cloud HTTPS API.
+- Stores zero personally identifiable credential data in your public repositories.
+- Only maintains minimal session payloads inside the standard config UI context JSON.
+
+## Disclaimer
+
+This plugin is not officially affiliated with or endorsed by InterQR. It was developed independently. Use at your own risk.

package/config.schema.json

@@ -0,0 +1,37 @@
+{
+    "pluginAlias": "InterQR",
+    "pluginType": "platform",
+    "singular": true,
+    "customUi": true,
+    "headerDisplay": "Manage your InterQR locks.",
+    "schema": {
+        "type": "object",
+        "properties": {
+            "phoneNumber": {
+                "title": "Phone Number",
+                "type": "string",
+                "description": "The phone number used to login to InterQR (with country code, e.g., +1234567890)",
+                "required": true
+            },
+            "token": {
+                "title": "Authentication Token",
+                "type": "string",
+                "description": "Auth token (automatically generated via the login UI)",
+                "required": true
+            },
+            "deviceUuid": {
+                "title": "Device UUID",
+                "type": "string",
+                "description": "Device UUID (automatically generated via the login UI)",
+                "required": true
+            },
+            "updateInterval": {
+                "title": "Update Interval (minutes)",
+                "type": "integer",
+                "default": 5,
+                "description": "How often to poll the InterQR API for lock changes.",
+                "minimum": 1
+            }
+        }
+    }
+}

package/dist/api.js

@@ -0,0 +1,144 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.InterQRApiClient = void 0;
+const crypto_1 = __importDefault(require("crypto"));
+const DEFAULT_BASE_URL = "https://www.interqr.com/api";
+const ENDPOINT_INIT = "/init";
+const ENDPOINT_LOGIN = "/login";
+const ENDPOINT_LOGOUT = "/logout";
+const ENDPOINT_TWOFA_START = "/twofa/start";
+const ENDPOINT_TWOFA_VERIFY = "/twofa/verify";
+const ENDPOINT_USER_DETAILS = "/resource/user/details";
+const ENDPOINT_UNLOCK = "/locks/{uuid}/unlock";
+const ENDPOINT_UNLOCK_LONG = "/locks/{uuid}/unlock-long";
+const APP_VERSION = "3.5.8";
+const DEVICE_MANUFACTURER = "Athom";
+const DEVICE_MODEL = "Integration";
+const DEVICE_PLATFORM = "Homebridge";
+class InterQRApiClient {
+    baseUrl;
+    token = null;
+    deviceUuid = null;
+    constructor(baseUrl = DEFAULT_BASE_URL) {
+        this.baseUrl = baseUrl.replace(/\/$/, '');
+    }
+    setToken(token) {
+        this.token = token;
+    }
+    setDeviceUuid(uuid) {
+        this.deviceUuid = uuid;
+    }
+    async _request(method, endpoint, options = {}) {
+        const url = `${this.baseUrl}${endpoint}`;
+        const headers = {
+            'Content-Type': 'application/json',
+        };
+        if (options.authenticated && this.token) {
+            headers['Authorization'] = `Bearer ${this.token}`;
+        }
+        const fetchOptions = {
+            method,
+            headers,
+        };
+        if (options.jsonData) {
+            fetchOptions.body = JSON.stringify(options.jsonData);
+        }
+        const response = await fetch(url, fetchOptions);
+        const contentType = response.headers.get('Content-Type') || '';
+        if (!contentType.includes('application/json')) {
+            throw new Error(`Unexpected response type from server: ${contentType}`);
+        }
+        const data = await response.json();
+        if (response.status === 401) {
+            throw new Error('Authentication failed');
+        }
+        if (response.status >= 400) {
+            throw new Error(data.message || `API error (HTTP ${response.status})`);
+        }
+        return data;
+    }
+    async initDevice(deviceUuid = null) {
+        if (!deviceUuid) {
+            deviceUuid = crypto_1.default.randomUUID();
+        }
+        this.deviceUuid = deviceUuid;
+        const payload = {
+            device_uuid: this.deviceUuid,
+            manufacturer: DEVICE_MANUFACTURER,
+            model: DEVICE_MODEL,
+            platform: DEVICE_PLATFORM,
+            os_version: "1.0",
+            app_version: APP_VERSION,
+        };
+        const result = await this._request('POST', ENDPOINT_INIT, { jsonData: payload });
+        if (result && result.data && result.data.device_uuid) {
+            this.deviceUuid = result.data.device_uuid;
+        }
+        return result;
+    }
+    async start2FA(phoneNumber, deviceUuid) {
+        const payload = {
+            number: phoneNumber,
+            device_uuid: deviceUuid,
+        };
+        return await this._request('POST', ENDPOINT_TWOFA_START, { jsonData: payload });
+    }
+    async verify2FA(phoneNumber, code, deviceUuid, secondAuthToken = null) {
+        const payload = {
+            number: phoneNumber,
+            code: code,
+            device_uuid: deviceUuid,
+        };
+        if (secondAuthToken) {
+            payload.second_auth_token = secondAuthToken;
+        }
+        const result = await this._request('POST', ENDPOINT_TWOFA_VERIFY, { jsonData: payload });
+        if (result && result.data && result.data.token) {
+            this.token = result.data.token;
+        }
+        else {
+            throw new Error('No token in verify response');
+        }
+        return result;
+    }
+    async login(deviceUuid = null) {
+        const uuidToUse = deviceUuid || this.deviceUuid;
+        if (!uuidToUse) {
+            throw new Error('No device_uuid available for login');
+        }
+        const payload = { device_uuid: uuidToUse };
+        const result = await this._request('POST', ENDPOINT_LOGIN, { jsonData: payload });
+        if (result && result.data && result.data.token) {
+            this.token = result.data.token;
+        }
+        return result;
+    }
+    async logout() {
+        if (!this.token)
+            return;
+        try {
+            await this._request('POST', ENDPOINT_LOGOUT, { authenticated: true });
+        }
+        catch (err) {
+            // Best-effort logout
+        }
+        finally {
+            this.token = null;
+        }
+    }
+    async getUserDetails() {
+        return await this._request('GET', ENDPOINT_USER_DETAILS, { authenticated: true });
+    }
+    async unlock(lockUuid) {
+        const endpoint = ENDPOINT_UNLOCK.replace('{uuid}', lockUuid);
+        return await this._request('POST', endpoint, { authenticated: true });
+    }
+    async unlockLong(lockUuid) {
+        const endpoint = ENDPOINT_UNLOCK_LONG.replace('{uuid}', lockUuid);
+        return await this._request('POST', endpoint, { authenticated: true });
+    }
+}
+exports.InterQRApiClient = InterQRApiClient;

package/dist/index.js

@@ -0,0 +1,6 @@
+"use strict";
+const settings_1 = require("./settings");
+const platform_1 = require("./platform");
+module.exports = (api) => {
+    api.registerPlatform(settings_1.PLATFORM_NAME, platform_1.InterQRPlatform);
+};

package/dist/platform.js

@@ -0,0 +1,127 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.InterQRPlatform = void 0;
+const settings_1 = require("./settings");
+const platformAccessory_1 = require("./platformAccessory");
+const api_1 = require("./api");
+class InterQRPlatform {
+    log;
+    config;
+    api;
+    Service;
+    Characteristic;
+    accessories = new Map();
+    apiClient;
+    updateIntervalMs;
+    refreshTimer;
+    constructor(log, config, api) {
+        this.log = log;
+        this.config = config;
+        this.api = api;
+        this.Service = this.api.hap.Service;
+        this.Characteristic = this.api.hap.Characteristic;
+        this.log.debug('Finished initializing platform:', this.config.name);
+        this.apiClient = new api_1.InterQRApiClient();
+        this.updateIntervalMs = (this.config.updateInterval || 5) * 60 * 1000;
+        this.api.on('didFinishLaunching', () => {
+            this.log.debug('Executed didFinishLaunching callback');
+            if (!this.config.token || !this.config.deviceUuid) {
+                this.log.error('Authentication token or Device UUID missing. Please configure the plugin via the Homebridge UI.');
+                return;
+            }
+            this.apiClient.setToken(this.config.token);
+            this.apiClient.setDeviceUuid(this.config.deviceUuid);
+            this.discoverDevices();
+        });
+    }
+    configureAccessory(accessory) {
+        this.log.info('Loading accessory from cache:', accessory.displayName);
+        this.accessories.set(accessory.UUID, accessory);
+    }
+    async discoverDevices() {
+        try {
+            const details = await this.apiClient.getUserDetails();
+            if (!details || !details.data || !details.data.locks) {
+                this.log.warn('No locks found for this account.');
+                return;
+            }
+            const locks = details.data.locks;
+            const discoveredUUIDs = [];
+            for (const lock of locks) {
+                const uuid = this.api.hap.uuid.generate(lock.uuid);
+                discoveredUUIDs.push(uuid);
+                let accessory = this.accessories.get(uuid);
+                if (accessory) {
+                    this.log.info('Restoring existing accessory from cache:', accessory.displayName);
+                    accessory.context.device = lock;
+                    this.api.updatePlatformAccessories([accessory]);
+                    new platformAccessory_1.InterQRAccessory(this, accessory);
+                }
+                else {
+                    this.log.info('Adding new accessory:', lock.description || lock.name);
+                    accessory = new this.api.platformAccessory(lock.description || lock.name, uuid);
+                    accessory.context.device = lock;
+                    this.api.registerPlatformAccessories(settings_1.PLUGIN_NAME, settings_1.PLATFORM_NAME, [accessory]);
+                    this.accessories.set(uuid, accessory);
+                    new platformAccessory_1.InterQRAccessory(this, accessory);
+                }
+            }
+            // Remove stale accessories
+            for (const [uuid, accessory] of this.accessories.entries()) {
+                if (!discoveredUUIDs.includes(uuid)) {
+                    this.log.info('Removing existing accessory from cache:', accessory.displayName);
+                    this.api.unregisterPlatformAccessories(settings_1.PLUGIN_NAME, settings_1.PLATFORM_NAME, [accessory]);
+                    this.accessories.delete(uuid);
+                }
+            }
+            this.scheduleNextUpdate();
+        }
+        catch (error) {
+            if (error.message.includes('Authentication failed')) {
+                this.log.warn('Authentication failed. Attempting silent token refresh via login...');
+                const success = await this.refreshAuthToken();
+                if (success) {
+                    this.log.info('Token refreshed successfully. Retrying discovery...');
+                    return this.discoverDevices();
+                }
+                else {
+                    this.log.error('Failed to refresh token. Please re-authenticate via Homebridge Settings or check configuration.');
+                }
+            }
+            else {
+                this.log.error('Error discovering devices:', error.message);
+            }
+            // Try again later even if failed
+            this.scheduleNextUpdate();
+        }
+    }
+    async refreshAuthToken() {
+        try {
+            if (!this.config.deviceUuid)
+                return false;
+            const result = await this.apiClient.login(this.config.deviceUuid);
+            if (result && result.data && result.data.token) {
+                // Technically, this token is stored in memory. We'd ideally save it back to config.
+                // Since homebridge doesn't officially support programmatic config updates easily,
+                // we'll at least keep it working until restart. The user should update config if they restart.
+                this.config.token = result.data.token;
+                this.log.warn('Token refreshed in memory. Please note that if you restart Homebridge, you might need to re-login via UI if the old token is permanently revoked.');
+                return true;
+            }
+            return false;
+        }
+        catch (error) {
+            this.log.error('Silent refresh failed:', error.message);
+            return false;
+        }
+    }
+    scheduleNextUpdate() {
+        if (this.refreshTimer) {
+            clearTimeout(this.refreshTimer);
+        }
+        this.refreshTimer = setTimeout(() => {
+            this.discoverDevices();
+        }, this.updateIntervalMs);
+    }
+}
+exports.InterQRPlatform = InterQRPlatform;

package/dist/platformAccessory.js

@@ -0,0 +1,54 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.InterQRAccessory = void 0;
+class InterQRAccessory {
+    platform;
+    accessory;
+    service;
+    autoRelockTimer;
+    constructor(platform, accessory) {
+        this.platform = platform;
+        this.accessory = accessory;
+        const device = accessory.context.device;
+        this.accessory.getService(this.platform.Service.AccessoryInformation)
+            .setCharacteristic(this.platform.Characteristic.Manufacturer, 'InterQR')
+            .setCharacteristic(this.platform.Characteristic.Model, 'Smart Lock')
+            .setCharacteristic(this.platform.Characteristic.SerialNumber, device.uuid);
+        this.service = this.accessory.getService(this.platform.Service.LockMechanism) || this.accessory.addService(this.platform.Service.LockMechanism);
+        this.service.setCharacteristic(this.platform.Characteristic.Name, device.description || device.name);
+        // Initial state is Locked
+        this.service.updateCharacteristic(this.platform.Characteristic.LockCurrentState, this.platform.Characteristic.LockCurrentState.SECURED);
+        this.service.updateCharacteristic(this.platform.Characteristic.LockTargetState, this.platform.Characteristic.LockTargetState.SECURED);
+        this.service.getCharacteristic(this.platform.Characteristic.LockTargetState)
+            .onSet(this.setLockTargetState.bind(this));
+    }
+    async setLockTargetState(value) {
+        if (value === this.platform.Characteristic.LockTargetState.SECURED) {
+            this.platform.log.debug(`[${this.accessory.displayName}] Ignoring lock command since InterQR is unlock-only.`);
+            this.service.updateCharacteristic(this.platform.Characteristic.LockCurrentState, this.platform.Characteristic.LockCurrentState.SECURED);
+            return;
+        }
+        // Unsecured requested
+        try {
+            this.platform.log.info(`[${this.accessory.displayName}] Sending unlock command...`);
+            await this.platform.apiClient.unlock(this.accessory.context.device.uuid);
+            this.platform.log.info(`[${this.accessory.displayName}] Unlocked successfully.`);
+            this.service.updateCharacteristic(this.platform.Characteristic.LockCurrentState, this.platform.Characteristic.LockCurrentState.UNSECURED);
+            if (this.autoRelockTimer) {
+                clearTimeout(this.autoRelockTimer);
+            }
+            this.autoRelockTimer = setTimeout(() => {
+                this.platform.log.debug(`[${this.accessory.displayName}] Auto-relocking homebridge state.`);
+                this.service.updateCharacteristic(this.platform.Characteristic.LockTargetState, this.platform.Characteristic.LockTargetState.SECURED);
+                this.service.updateCharacteristic(this.platform.Characteristic.LockCurrentState, this.platform.Characteristic.LockCurrentState.SECURED);
+            }, 5000);
+        }
+        catch (error) {
+            this.platform.log.error(`[${this.accessory.displayName}] Failed to unlock: ${error.message}`);
+            // Revert to locked state
+            this.service.updateCharacteristic(this.platform.Characteristic.LockTargetState, this.platform.Characteristic.LockTargetState.SECURED);
+            this.service.updateCharacteristic(this.platform.Characteristic.LockCurrentState, this.platform.Characteristic.LockCurrentState.SECURED);
+        }
+    }
+}
+exports.InterQRAccessory = InterQRAccessory;

package/dist/settings.js

@@ -0,0 +1,11 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PLUGIN_NAME = exports.PLATFORM_NAME = void 0;
+/**
+ * This is the name of the platform that users will use to register the plugin in the Homebridge config.json
+ */
+exports.PLATFORM_NAME = 'InterQR';
+/**
+ * This must match the name of your plugin as defined the package.json
+ */
+exports.PLUGIN_NAME = 'homebridge-interqr';

package/homebridge-ui/public/index.html

@@ -0,0 +1,117 @@
+<div class="card text-center" id="intro-card">
+  <div class="card-body">
+    <h5 class="card-title">InterQR Login</h5>
+    <p class="card-text">Connect to your InterQR account to control your locks from Homebridge.</p>
+    <button id="btn-start" class="btn btn-primary">Login with Phone Number</button>
+  </div>
+</div>
+
+<div class="card text-center d-none" id="phone-card">
+  <div class="card-body">
+    <h5 class="card-title">Enter Phone Number</h5>
+    <p class="card-text">Enter your phone number in international format (e.g. +1234567890).</p>
+    <div class="form-group mb-3">
+      <input type="text" class="form-control" id="phone-input" placeholder="+1234567890">
+    </div>
+    <button id="btn-request-sms" class="btn btn-primary">Send SMS Code</button>
+  </div>
+</div>
+
+<div class="card text-center d-none" id="code-card">
+  <div class="card-body">
+    <h5 class="card-title">Enter SMS Code</h5>
+    <p class="card-text">Enter the verification code sent to your phone.</p>
+    <div class="form-group mb-3">
+      <input type="text" class="form-control" id="code-input" placeholder="1234">
+    </div>
+    <button id="btn-verify-sms" class="btn btn-primary">Verify Code</button>
+  </div>
+</div>
+
+<div class="card text-center d-none" id="success-card">
+  <div class="card-body">
+    <h5 class="card-title text-success">Login Successful!</h5>
+    <p class="card-text">Your configuration has been updated. You can now close this window and restart Homebridge.</p>
+  </div>
+</div>
+
+<script>
+  (async () => {
+    // 1. Get plugin config to check if already logged in
+    const pluginConfig = await homebridge.getPluginConfig();
+    const isConfigured = pluginConfig && pluginConfig.length > 0 && pluginConfig[0].token;
+
+    if (isConfigured) {
+      document.getElementById('intro-card').innerHTML = `
+        <div class="card-body text-success">
+          <h5 class="card-title">Already Logged In</h5>
+          <p class="card-text">You are already connected to InterQR. Do you want to re-authenticate?</p>
+          <button id="btn-start" class="btn btn-warning">Re-Authenticate</button>
+        </div>
+      `;
+    }
+
+    // 2. Start flow
+    document.getElementById('btn-start')?.addEventListener('click', () => {
+      document.getElementById('intro-card').classList.add('d-none');
+      document.getElementById('phone-card').classList.remove('d-none');
+    });
+
+    let currentPhone = '';
+
+    // 3. Request SMS
+    document.getElementById('btn-request-sms').addEventListener('click', async () => {
+      currentPhone = document.getElementById('phone-input').value.trim();
+      if (!currentPhone) {
+        homebridge.toast.error('Please enter a phone number', 'Error');
+        return;
+      }
+
+      homebridge.showSpinner();
+      try {
+        await homebridge.request('/request-sms', { phone: currentPhone });
+        homebridge.hideSpinner();
+        
+        document.getElementById('phone-card').classList.add('d-none');
+        document.getElementById('code-card').classList.remove('d-none');
+        homebridge.toast.success('SMS code sent to your phone', 'Success');
+      } catch (err) {
+        homebridge.hideSpinner();
+        homebridge.toast.error(err.message || 'Failed to request SMS', 'Error');
+      }
+    });
+
+    // 4. Verify SMS
+    document.getElementById('btn-verify-sms').addEventListener('click', async () => {
+      const code = document.getElementById('code-input').value.trim();
+      if (!code) {
+        homebridge.toast.error('Please enter the SMS code', 'Error');
+        return;
+      }
+
+      homebridge.showSpinner();
+      try {
+        const response = await homebridge.request('/verify-sms', { phone: currentPhone, code: code });
+        
+        // Update plugin config
+        const config = pluginConfig && pluginConfig.length > 0 ? pluginConfig[0] : { name: "InterQR" };
+        config.phoneNumber = currentPhone;
+        config.token = response.token;
+        config.deviceUuid = response.deviceUuid;
+        
+        await homebridge.updatePluginConfig([config]);
+        await homebridge.savePluginConfig();
+        
+        homebridge.hideSpinner();
+        
+        document.getElementById('code-card').classList.add('d-none');
+        document.getElementById('success-card').classList.remove('d-none');
+        homebridge.toast.success('Login Successful! Please restart Homebridge.', 'Success');
+      } catch (err) {
+        homebridge.hideSpinner();
+        homebridge.toast.error(err.message || 'Failed to verify SMS', 'Error');
+      }
+    });
+
+  })();
+</script>

package/homebridge-ui/server.js

@@ -0,0 +1,50 @@
+const { HomebridgePluginUiServer } = require('@homebridge/plugin-ui-utils');
+
+class PluginUiServer extends HomebridgePluginUiServer {
+    constructor() {
+        super();
+        let api;
+        try {
+            api = require('../dist/api').InterQRApiClient;
+        } catch (e) {
+            this.pushEvent('print-log', 'Failed to load api client. Please ensure you built the plugin.');
+        }
+
+        this.apiClient = new api();
+        this.currentDeviceUuid = null;
+
+        this.onRequest('/request-sms', this.handleRequestSms.bind(this));
+        this.onRequest('/verify-sms', this.handleVerifySms.bind(this));
+
+        this.ready();
+    }
+
+    async handleRequestSms(payload) {
+        try {
+            const initRes = await this.apiClient.initDevice();
+            this.currentDeviceUuid = initRes.data.device_uuid;
+
+            await this.apiClient.start2FA(payload.phone, this.currentDeviceUuid);
+            return { success: true };
+        } catch (e) {
+            throw new Error(e.message || 'Failed to request SMS code');
+        }
+    }
+
+    async handleVerifySms(payload) {
+        try {
+            const res = await this.apiClient.verify2FA(payload.phone, payload.code, this.currentDeviceUuid);
+            return {
+                success: true,
+                token: res.data.token,
+                deviceUuid: this.currentDeviceUuid
+            };
+        } catch (e) {
+            throw new Error(e.message || 'Failed to verify SMS code');
+        }
+    }
+}
+
+(() => {
+    return new PluginUiServer();
+})();

package/package.json

@@ -0,0 +1,50 @@
+{
+    "name": "homebridge-interqr",
+    "displayName": "Homebridge InterQR",
+    "version": "1.0.0",
+    "description": "Homebridge plugin for InterQR smart locks",
+    "license": "MIT",
+    "repository": {
+        "type": "git",
+        "url": "git://github.com/orevron/homebridge-interqr.git"
+    },
+    "bugs": {
+        "url": "https://github.com/orevron/homebridge-interqr/issues"
+    },
+    "engines": {
+        "node": "^18.14.0 || ^20.0.0 || ^22.0.0",
+        "homebridge": "^1.6.0"
+    },
+    "main": "dist/index.js",
+    "scripts": {
+        "lint": "eslint src/**.ts --max-warnings=0",
+        "watch": "npm run build && npm run link && nodemon",
+        "build": "rimraf dist && tsc",
+        "prepublishOnly": "npm run lint && npm run build"
+    },
+    "keywords": [
+        "homebridge-plugin",
+        "interqr",
+        "smart-lock",
+        "lock"
+    ],
+    "files": [
+        "dist",
+        "homebridge-ui",
+        "config.schema.json"
+    ],
+    "dependencies": {
+        "axios": "^1.6.0"
+    },
+    "devDependencies": {
+        "@homebridge/plugin-ui-utils": "^1.0.1",
+        "@types/node": "^20.0.0",
+        "@typescript-eslint/eslint-plugin": "^7.0.0",
+        "@typescript-eslint/parser": "^7.0.0",
+        "eslint": "^8.0.0",
+        "homebridge": "^1.8.0",
+        "nodemon": "^3.0.0",
+        "rimraf": "^5.0.0",
+        "typescript": "^5.4.0"
+    }
+}