homebridge-melcloud-control 4.3.11-beta.12 → 4.3.11-beta.14

package/package.json

@@ -1,7 +1,7 @@
 {
   "displayName": "MELCloud Control",
   "name": "homebridge-melcloud-control",
-  "version": "4.3.11-beta.12",
+  "version": "4.3.11-beta.14",
   "description": "Homebridge plugin to control Mitsubishi Air Conditioner, Heat Pump and Energy Recovery Ventilation.",
   "license": "MIT",
   "author": "grzegorz914",
@@ -40,7 +40,10 @@
     "axios": "^1.13.2",
     "express": "^5.2.1",
     "puppeteer": "^24.32.0",
-    "ws": "^8.18.3"
+    "ws": "^8.18.3",
+    "axios-cookiejar-support": "^6.0.5",
+    "tough-cookie": "^6.0.0",
+    "jsdom": "^27.2.0"
   },
   "keywords": [
     "homebridge",

package/src/melcloudhome.js

@@ -457,26 +457,24 @@ class MelCloudHome extends EventEmitter {
 
     async connect() {
         if (this.logDebug) this.emit('debug', 'Connecting to MELCloud Home');
+        const client = new MELCloudHomeAuth({ debug: true });
         try {
-            const auth = new MELCloudHomeAuth();
-
-            await auth.login(this.user, this.passwd);
-
+            await client.login(this.user, this.passwd);
             console.log("Logged in!");
 
-            const client = auth.getClient();
+            const ctx = await client.getUserContext();
+            console.log("User context:", JSON.stringify(ctx, null, 2));
 
-            const ctx = await client.get("https://melcloudhome.com/api/user/context", {
-                headers: {
-                    Accept: "application/json",
-                    "x-csrf": "1",
-                    referer: "https://melcloudhome.com/dashboard",
-                },
-            });
+            const devices = await client.getDevices();
+            console.log("Devices:", JSON.stringify(devices, null, 2));
 
-            console.log(ctx.data);
-        } catch (error) {
-            throw new Error(`Connect error: ${error.message}`);
+            // If you need a token-like object:
+            const tokens = await client.getAuthTokenCandidates();
+            console.log("Token candidates:", tokens);
+        } catch (err) {
+            console.error("Error:", err.message || err);
+        } finally {
+            await client.logout();
         }
     }
 }

package/src/melcloudhomeauth.js

@@ -1,8 +1,23 @@
+// MelcloudHomeClient.js
 import axios from "axios";
 import { wrapper } from "axios-cookiejar-support";
 import { CookieJar } from "tough-cookie";
 import { JSDOM } from "jsdom";
 
+/**
+ * MELCloud Home client (login via AWS Cognito OAuth).
+ *
+ * Notes:
+ * - MELCloud Home uses cookie/session-based auth after the Cognito OAuth redirect chain.
+ * - There is not necessarily a single "Bearer token" like classic MELCloud; instead the client
+ *   keeps cookies and must send x-csrf header (value "1") + referer for API calls.
+ *
+ * Use:
+ *   const client = new MelcloudHomeClient({ debug: true });
+ *   await client.login(email, password);
+ *   const ctx = await client.getUserContext();
+ */
+
 const USER_AGENT =
     "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36";
 
@@ -10,13 +25,16 @@ const BASE_URL = "https://melcloudhome.com";
 const COGNITO_BASE =
     "https://live-melcloudhome.auth.eu-west-1.amazoncognito.com";
 
-export class MELCloudHomeAuth {
-    constructor() {
+export class MelcloudHomeClient {
+    constructor({ timeout = 30000, debug = false } = {}) {
+        this.debug = debug;
         this.jar = new CookieJar();
-        this.client = wrapper(
+
+        this.axios = wrapper(
             axios.create({
                 jar: this.jar,
-                timeout: 30000,
+                withCredentials: true,
+                timeout,
                 maxRedirects: 10,
                 headers: {
                     "User-Agent": USER_AGENT,
@@ -34,42 +52,63 @@ export class MELCloudHomeAuth {
         this.authenticated = false;
     }
 
-    //
-    // 1. Start OAuth login → redirected to AWS Cognito login page
-    //
+    log(...args) {
+        if (this.debug) console.log("[MelcloudHomeClient]", ...args);
+    }
+
+    // --- Step 1: start login flow and get Cognito login page + CSRF token ---
     async startLoginFlow() {
-        const resp = await this.client.get(`${BASE_URL}/bff/login`, {
+        this.log("Starting login flow: GET /bff/login");
+        const resp = await this.axios.get(`${BASE_URL}/bff/login`, {
             params: { returnUrl: "/dashboard" },
+            validateStatus: () => true,
         });
 
-        const finalUrl = resp.request.res.responseUrl;
+        // axios places final URL on resp.request?.res?.responseUrl or resp.request?.path for some envs
+        const finalUrl =
+            resp.request?.res?.responseUrl ||
+            resp.request?.res?.responseUrl ||
+            (resp.config && resp.config.url) ||
+            "";
+
+        this.log("Received final redirect URL:", finalUrl);
 
+        // We expect redirect to Cognito login (amazoncognito.com/*/login)
         if (!finalUrl.includes("amazoncognito.com/login")) {
-            throw new Error(`Unexpected redirect: ${finalUrl}`);
+            // Some environments might follow redirects into HTML that contains the redirect link
+            // Try parse HTML for a form that posts to cognito if finalUrl isn't cognito.
+            if (resp.data && typeof resp.data === "string" && resp.data.includes("amazoncognito.com")) {
+                this.log("Found amazoncognito reference in html; proceeding to parse HTML for csrf");
+            } else {
+                throw new Error(`Unexpected redirect during login flow. finalUrl=${finalUrl}`);
+            }
         }
 
         const html = resp.data;
         const csrf = this.extractCsrf(html);
-
         if (!csrf) {
-            throw new Error("Failed to extract CSRF token.");
+            // It's possible Cognito login page uses meta or JS to set token; try other heuristics
+            throw new Error("Failed to extract CSRF token from Cognito login page HTML");
         }
 
-        return { loginUrl: finalUrl, csrf };
+        // Derive loginUrl: if the finalUrl contains query string or state, use it; otherwise find cognito login action in HTML
+        const loginUrl = this.findCognitoLoginUrl(html) || finalUrl;
+
+        return { loginUrl, csrf };
     }
 
-    //
-    // 2. Submit credentials to Cognito
-    //
+    // --- Step 2: submit credentials to Cognito ---
     async submitCredentials(loginUrl, csrf, username, password) {
+        this.log("Submitting credentials to Cognito:", loginUrl);
+
         const payload = new URLSearchParams({
             _csrf: csrf,
             username,
             password,
-            cognitoAsfData: "",
+            cognitoAsfData: "", // placeholder; may be required if Cognito enforces advanced security
         });
 
-        const resp = await this.client.post(loginUrl, payload, {
+        const resp = await this.axios.post(loginUrl, payload.toString(), {
             headers: {
                 "Content-Type": "application/x-www-form-urlencoded",
                 Origin: COGNITO_BASE,
@@ -79,102 +118,197 @@ export class MELCloudHomeAuth {
             validateStatus: () => true,
         });
 
-        const finalUrl = resp.request.res.responseUrl;
+        const finalUrl =
+            resp.request?.res?.responseUrl || resp.config?.url || "unknown";
+
+        this.log("Post-login final URL:", finalUrl, "status:", resp.status);
 
-        if (finalUrl.includes("/error")) {
-            throw new Error("Authentication failed: error returned from Cognito");
+        // Common failure patterns
+        if (finalUrl.includes("/error") || resp.status >= 400) {
+            // try extract error message
+            const errMsg = this.extractErrorMessage(resp.data) || "Unknown error from Cognito";
+            throw new Error(`Authentication failed: ${errMsg}`);
         }
 
+        // If still on Cognito domain -> bad credentials or MFA required
         if (finalUrl.includes("amazoncognito.com")) {
-            throw new Error("Authentication failed: invalid username or password");
+            throw new Error("Authentication failed: invalid username/password or additional challenge required");
         }
 
-        // Success: redirected back to melcloudhome.com
+        // Success: redirected back to melcloudhome domain
         if (finalUrl.includes("melcloudhome.com")) {
             this.authenticated = true;
+            this.log("Successfully authenticated, session cookies stored.");
+            // Wait a short time for Blazor / client initialization (server may set additional cookies)
+            await this._delay(2500);
             return true;
         }
 
-        throw new Error(`Unexpected final redirect: ${finalUrl}`);
+        throw new Error(`Unexpected redirect after login: ${finalUrl}`);
+    }
+
+    // Public login method
+    async login(username, password) {
+        try {
+            const { loginUrl, csrf } = await this.startLoginFlow();
+            await this.submitCredentials(loginUrl, csrf, username, password);
+
+            // Validate session by calling /api/user/context
+            const ok = await this.checkSession();
+            if (!ok) {
+                this.authenticated = false;
+                throw new Error("Session not valid after login");
+            }
+
+            this.log("Login flow complete and session validated.");
+            return true;
+        } catch (err) {
+            // Re-throw with contextual message
+            throw new Error(`Login error: ${err.message || err}`);
+        }
     }
 
-    //
-    // 3. Validate session – equivalent to Python check_session()
-    //
+    // Check session by calling /api/user/context
     async checkSession() {
         if (!this.authenticated) return false;
-
+        this.log("Checking session via /api/user/context");
         try {
-            const resp = await this.client.get(`${BASE_URL}/api/user/context`, {
+            const resp = await this.axios.get(`${BASE_URL}/api/user/context`, {
                 headers: {
                     Accept: "application/json",
                     "x-csrf": "1",
-                    referer: `${BASE_URL}/dashboard`,
+                    Referer: `${BASE_URL}/dashboard`,
                 },
                 validateStatus: () => true,
             });
 
+            this.log("Context status:", resp.status);
             if (resp.status === 200) return true;
-            if (resp.status === 401) return false;
-
+            if (resp.status === 401) {
+                this.authenticated = false;
+                return false;
+            }
             return false;
-        } catch {
+        } catch (err) {
+            this.log("checkSession error:", err && err.message);
             return false;
         }
     }
 
-    //
-    // 4. Main login() method
-    //
-    async login(username, password) {
-        const step1 = await this.startLoginFlow();
+    // Get user context (returns JSON from /api/user/context)
+    async getUserContext() {
+        if (!this.authenticated) throw new Error("Not authenticated - call login()");
+        const resp = await this.axios.get(`${BASE_URL}/api/user/context`, {
+            headers: {
+                Accept: "application/json",
+                "x-csrf": "1",
+                Referer: `${BASE_URL}/dashboard`,
+            },
+        });
+        return resp.data;
+    }
 
-        await this.submitCredentials(
-            step1.loginUrl,
-            step1.csrf,
-            username,
-            password
-        );
+    // Example: get devices (may vary depending on API surface)
+    async getDevices() {
+        if (!this.authenticated) throw new Error("Not authenticated - call login()");
+        const resp = await this.axios.get(`${BASE_URL}/api/devices/devices`, {
+            headers: {
+                Accept: "application/json",
+                "x-csrf": "1",
+                Referer: `${BASE_URL}/dashboard`,
+            },
+            validateStatus: () => true,
+        });
 
-        // Wait for Blazor session init – same as Python sleep(3)
-        await new Promise((r) => setTimeout(r, 3000));
+        if (resp.status !== 200) {
+            throw new Error(`Failed to get devices: ${resp.status}`);
+        }
+        return resp.data;
+    }
+
+    // Logout
+    async logout() {
+        try {
+            await this.axios.get(`${BASE_URL}/bff/logout`, { validateStatus: () => true });
+        } catch (e) {
+            // ignore
+        } finally {
+            this.authenticated = false;
+        }
+    }
 
-        const ok = await this.checkSession();
-        if (!ok) throw new Error("Session not valid after login");
+    // Try to extract 'token-like' values:
+    // - Some flows may expose tokens in /api/user/context (accessToken/idToken)
+    // - other times, session is cookie-based only; return cookie-based identifiers if present.
+    async getAuthTokenCandidates() {
+        // prefer context
+        try {
+            const ctx = await this.getUserContext();
+            // return common token fields if present
+            const maybe = {};
+            if (ctx?.accessToken) maybe.accessToken = ctx.accessToken;
+            if (ctx?.idToken) maybe.idToken = ctx.idToken;
+            if (ctx?.refreshToken) maybe.refreshToken = ctx.refreshToken;
+            if (Object.keys(maybe).length) return maybe;
+        } catch (e) {
+            // ignore
+        }
 
-        return true;
+        // fallback: inspect cookies for Cognito identity / session cookies
+        const cookies = await this.jar.getCookies(BASE_URL);
+        const cookieMap = {};
+        for (const c of cookies) {
+            cookieMap[c.key] = c.value;
+        }
+        return { cookies: cookieMap };
     }
 
-    //
-    // Extract CSRF from Cognito HTML
-    //
+    // Utility: extract CSRF token from HTML using JSDOM or regex fallback
     extractCsrf(html) {
-        const dom = new JSDOM(html);
-        const input = dom.window.document.querySelector('input[name="_csrf"]');
-        return input?.value || null;
+        if (!html) return null;
+        try {
+            const dom = new JSDOM(html);
+            const el = dom.window.document.querySelector('input[name="_csrf"]');
+            if (el && el.value) return el.value;
+        } catch (e) {
+            // ignore and try regex
+        }
+
+        // regex fallback
+        const m = html.match(/<input[^>]+name="_csrf"[^>]+value="([^"]+)"/i);
+        if (m) return m[1];
+        const m2 = html.match(/name="_csrf"[^>]*value='([^']+)'/i);
+        if (m2) return m2[1];
+        return null;
     }
 
-    //
-    // Return axios instance for authenticated calls
-    //
-    getClient() {
-        if (!this.authenticated) {
-            throw new Error("Not authenticated. Call login() first.");
-        }
-        return this.client;
+    // Try to find Cognito login action URL inside HTML (form action) as fallback
+    findCognitoLoginUrl(html) {
+        if (!html) return null;
+        const m = html.match(/action="([^"]*amazoncognito\.com[^"]*)"/i);
+        if (m) return m[1];
+        return null;
     }
 
-    //
-    // Logout
-    //
-    async logout() {
-        try {
-            await this.client.get(`${BASE_URL}/bff/logout`);
-        } catch (_) { }
+    // Try to extract an error message from Cognito error page HTML
+    extractErrorMessage(html) {
+        if (!html) return null;
+        const patterns = [
+            /<div[^>]*class="[^"]*error[^"]*"[^>]*>([^<]+)<\/div>/i,
+            /<span[^>]*class="[^"]*error[^"]*"[^>]*>([^<]+)<\/span>/i,
+            /<p[^>]*class="[^"]*error[^"]*"[^>]*>([^<]+)<\/p>/i,
+            /<div[^>]*id=".*error.*"[^>]*>([^<]+)<\/div>/i,
+        ];
+        for (const p of patterns) {
+            const m = html.match(p);
+            if (m) return m[1].trim();
+        }
+        return null;
+    }
 
-        this.authenticated = false;
+    _delay(ms) {
+        return new Promise((r) => setTimeout(r, ms));
     }
 }
 
-export default MELCloudHomeAuth;