npm - homebridge-melcloud-control - Versions diffs - 4.3.11-beta.19 → 4.3.11-beta.20 - Mend

homebridge-melcloud-control 4.3.11-beta.19 → 4.3.11-beta.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/package.json +1 -1
package/src/melcloudhomeauth.js +205 -301

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "displayName": "MELCloud Control",
   "name": "homebridge-melcloud-control",
-  "version": "4.3.11-beta.19",
+  "version": "4.3.11-beta.20",
   "description": "Homebridge plugin to control Mitsubishi Air Conditioner, Heat Pump and Energy Recovery Ventilation.",
   "license": "MIT",
   "author": "grzegorz914",

package/src/melcloudhomeauth.js CHANGED Viewed

@@ -3,322 +3,226 @@ import { wrapper } from "axios-cookiejar-support";
 import { CookieJar } from "tough-cookie";
 import { JSDOM } from "jsdom";
-/**
- * MELCloud Home client (login via AWS Cognito OAuth).
- *
- * Notes:
- * - MELCloud Home uses cookie/session-based auth after the Cognito OAuth redirect chain.
- * - There is not necessarily a single "Bearer token" like classic MELCloud; instead the client
- *   keeps cookies and must send x-csrf header (value "1") + referer for API calls.
- *
- * Use:
- *   const client = new MelcloudHomeClient({ debug: true });
- *   await client.login(email, password);
- *   const ctx = await client.getUserContext();
- */
+// Constants
 const USER_AGENT =
-    "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36";
+  "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36";
 const BASE_URL = "https://melcloudhome.com";
 const COGNITO_BASE =
-    "https://live-melcloudhome.auth.eu-west-1.amazoncognito.com";
+  "https://live-melcloudhome.auth.eu-west-1.amazoncognito.com";
 class MELCloudHomeAuth {
-    constructor({ timeout = 30000, debug = false } = {}) {
-        this.debug = debug;
-        this.jar = new CookieJar();
-        this.axios = wrapper(
-            axios.create({
-                jar: this.jar,
-                withCredentials: true,
-                timeout,
-                maxRedirects: 10,
-                headers: {
-                    "User-Agent": USER_AGENT,
-                    Accept:
-                        "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8",
-                    "Accept-Language": "en-US,en;q=0.9",
-                    "sec-ch-ua":
-                        '"Chromium";v="124", "Google Chrome";v="124", "Not A(Brand";v="99"',
-                    "sec-ch-ua-mobile": "?0",
-                    "sec-ch-ua-platform": '"macOS"',
-                },
-            })
-        );
-        this.authenticated = false;
-    }
-    log(...args) {
-        if (this.debug) console.log("[MelcloudHomeClient]", ...args);
-    }
-    // --- Step 1: start login flow and get Cognito login page + CSRF token ---
-    async startLoginFlow() {
-        this.log("Starting login flow: GET /bff/login");
-        const resp = await this.axios.get(`${BASE_URL}/bff/login`, {
-            params: { returnUrl: "/dashboard" },
-            validateStatus: () => true,
-        });
-        // axios places final URL on resp.request?.res?.responseUrl or resp.request?.path for some envs
-        const finalUrl =
-            resp.request?.res?.responseUrl ||
-            resp.request?.res?.responseUrl ||
-            (resp.config && resp.config.url) ||
-            "";
-        this.log("Received final redirect URL:", finalUrl);
-        // We expect redirect to Cognito login (amazoncognito.com/*/login)
-        if (!finalUrl.includes("amazoncognito.com/login")) {
-            // Some environments might follow redirects into HTML that contains the redirect link
-            // Try parse HTML for a form that posts to cognito if finalUrl isn't cognito.
-            if (resp.data && typeof resp.data === "string" && resp.data.includes("amazoncognito.com")) {
-                this.log("Found amazoncognito reference in html; proceeding to parse HTML for csrf");
-            } else {
-                throw new Error(`Unexpected redirect during login flow. finalUrl=${finalUrl}`);
-            }
-        }
-        const html = resp.data;
-        const csrf = this.extractCsrf(html);
-        if (!csrf) {
-            // It's possible Cognito login page uses meta or JS to set token; try other heuristics
-            throw new Error("Failed to extract CSRF token from Cognito login page HTML");
-        }
-        // Derive loginUrl: if the finalUrl contains query string or state, use it; otherwise find cognito login action in HTML
-        const loginUrl = this.findCognitoLoginUrl(html) || finalUrl;
-        return { loginUrl, csrf };
-    }
-    // --- Step 2: submit credentials to Cognito ---
-    async submitCredentials(loginUrl, csrf, username, password) {
-        this.log("Submitting credentials to Cognito:", loginUrl);
-        const payload = new URLSearchParams({
-            _csrf: csrf,
-            username,
-            password,
-            cognitoAsfData: "",
-        });
-        const resp = await this.axios.post(loginUrl, payload.toString(), {
-            headers: {
-                "Content-Type": "application/x-www-form-urlencoded",
-                Origin: COGNITO_BASE,
-                Referer: loginUrl,
-            },
-            validateStatus: () => true,
-            maxRedirects: 0
-        });
-        const redirectUrl =
-            resp.headers.location ||
-            resp.request?.res?.responseUrl ||
-            resp.config.url;
-        if (!redirectUrl.includes("signin-oidc")) {
-            throw new Error("Authentication failed: signin-oidc callback not received");
-        }
-        this.log("Calling signin-oidc:", redirectUrl);
-        // --- MEGA WAŻNE: wywołać callback ---
-        const callback = await this.axios.get(redirectUrl, {
-            headers: {
-                Referer: loginUrl,
-                "User-Agent": USER_AGENT,
-                Accept: "text/html",
-            },
-            validateStatus: () => true
-        });
-        this.log("signin-oidc status:", callback.status);
-        // Status 500 JEST NORMALNY – liczą się cookies!
-        const cookies = await this.jar.getCookies(redirectUrl);
-        this.log("After signin-oidc cookies:", cookies.map(c => c.key));
-        // Jeżeli pojawił się cookie `meu.identity` – logowanie jest zakończone
-        const hasIdentity = cookies.some(c => c.key.includes("meu.identity"));
-        if (!hasIdentity) {
-            throw new Error("openid callback did not produce a session cookie");
-        }
-        this.authenticated = true;
-        return true;
-    }
-    // Public login method
-    async login(username, password) {
-        try {
-            const { loginUrl, csrf } = await this.startLoginFlow();
-            await this.submitCredentials(loginUrl, csrf, username, password);
-            // Validate session by calling /api/user/context
-            const ok = await this.checkSession();
-            if (!ok) {
-                this.authenticated = false;
-                throw new Error("Session not valid after login");
-            }
-            this.log("Login flow complete and session validated.");
-            return true;
-        } catch (err) {
-            // Re-throw with contextual message
-            throw new Error(`Login error: ${err.message || err}`);
-        }
+  constructor({ debug = false } = {}) {
+    this.debug = debug;
+    this.jar = new CookieJar();
+    this.axios = wrapper(
+      axios.create({
+        jar: this.jar,
+        withCredentials: true,
+        maxRedirects: 10,
+        headers: {
+          "User-Agent": USER_AGENT,
+          Accept:
+            "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8",
+          "Accept-Language": "en-US,en;q=0.9",
+        },
+      })
+    );
+    this.authenticated = false;
+  }
+  log(...args) {
+    if (this.debug) console.log("[MelcloudHomeClient]", ...args);
+  }
+  _delay(ms) {
+    return new Promise((r) => setTimeout(r, ms));
+  }
+  // --- Helper: generate cognitoAsfData (simplified) ---
+  generateAsfData() {
+    const data = {
+      deviceName: "Chrome",
+      osName: "Macintosh",
+      osVersion: "14_5",
+      timezoneOffset: new Date().getTimezoneOffset(),
+      userAgent: USER_AGENT,
+      screen: { width: 1440, height: 900 },
+      language: "en-US",
+      plugins: [],
+      fonts: [],
+      canvasFingerprint: "simplified", // placeholder
+    };
+    const json = JSON.stringify(data);
+    return Buffer.from(json).toString("base64");
+  }
+  // --- Extract CSRF token from HTML ---
+  extractCsrf(html) {
+    if (!html) return null;
+    try {
+      const dom = new JSDOM(html);
+      const el = dom.window.document.querySelector('input[name="_csrf"]');
+      if (el && el.value) return el.value;
+    } catch {}
+    const m = html.match(/<input[^>]+name="_csrf"[^>]+value="([^"]+)"/i);
+    if (m) return m[1];
+    return null;
+  }
+  findCognitoLoginUrl(html) {
+    if (!html) return null;
+    const m = html.match(/action="([^"]*amazoncognito\.com[^"]*)"/i);
+    if (m) return m[1];
+    return null;
+  }
+  extractErrorMessage(html) {
+    if (!html) return null;
+    const patterns = [
+      /<div[^>]*class="[^"]*error[^"]*"[^>]*>([^<]+)<\/div>/i,
+      /<span[^>]*class="[^"]*error[^"]*"[^>]*>([^<]+)<\/span>/i,
+      /<p[^>]*class="[^"]*error[^"]*"[^>]*>([^<]+)<\/p>/i,
+    ];
+    for (const p of patterns) {
+      const m = html.match(p);
+      if (m) return m[1].trim();
     }
-    // Check session by calling /api/user/context
-    async checkSession() {
-        if (!this.authenticated) return false;
-        this.log("Checking session via /api/user/context");
-        try {
-            const resp = await this.axios.get(`${BASE_URL}/api/user/context`, {
-                headers: {
-                    Accept: "application/json",
-                    "x-csrf": "1",
-                    Referer: `${BASE_URL}/dashboard`,
-                },
-                validateStatus: () => true,
-            });
-            this.log("Context status:", resp.status);
-            if (resp.status === 200) return true;
-            if (resp.status === 401) {
-                this.authenticated = false;
-                return false;
-            }
-            return false;
-        } catch (err) {
-            this.log("checkSession error:", err && err.message);
-            return false;
-        }
+    return null;
+  }
+  async startLoginFlow() {
+    this.log("Starting login flow: GET /bff/login");
+    const resp = await this.axios.get(`${BASE_URL}/bff/login`, {
+      params: { returnUrl: "/dashboard" },
+      validateStatus: () => true,
+    });
+    const finalUrl =
+      resp.request?.res?.responseUrl || resp.config?.url || "";
+    this.log("Received final redirect URL:", finalUrl);
+    const csrf = this.extractCsrf(resp.data);
+    if (!csrf) throw new Error("Failed to extract CSRF token");
+    const loginUrl = this.findCognitoLoginUrl(resp.data) || finalUrl;
+    return { loginUrl, csrf };
+  }
+  async submitCredentials(loginUrl, csrf, username, password) {
+    this.log("Submitting credentials to Cognito...");
+    const payload = new URLSearchParams({
+      _csrf: csrf,
+      username,
+      password,
+      cognitoAsfData: this.generateAsfData(),
+    });
+    // Step 1: POST credentials
+    const resp = await this.axios.post(loginUrl, payload.toString(), {
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded",
+        Origin: COGNITO_BASE,
+        Referer: loginUrl,
+      },
+      validateStatus: () => true,
+      maxRedirects: 0,
+    });
+    const redirectUrl = resp.headers.location || resp.request?.res?.responseUrl;
+    if (!redirectUrl.includes("signin-oidc")) {
+      throw new Error(
+        "Authentication failed: signin-oidc callback not received"
+      );
     }
-    // Get user context (returns JSON from /api/user/context)
-    async getUserContext() {
-        if (!this.authenticated) throw new Error("Not authenticated - call login()");
-        const resp = await this.axios.get(`${BASE_URL}/api/user/context`, {
-            headers: {
-                Accept: "application/json",
-                "x-csrf": "1",
-                Referer: `${BASE_URL}/dashboard`,
-            },
-        });
-        return resp.data;
+    this.log("Calling signin-oidc callback:", redirectUrl);
+    // Step 2: GET callback to set cookies
+    const callback = await this.axios.get(redirectUrl, {
+      headers: {
+        Referer: loginUrl,
+        "User-Agent": USER_AGENT,
+        Accept: "text/html",
+      },
+      validateStatus: () => true,
+    });
+    this.log("signin-oidc status:", callback.status);
+    // Check if cookie meu.identity is set
+    const cookies = await this.jar.getCookies(BASE_URL);
+    const hasIdentity = cookies.some((c) => c.key.includes("meu.identity"));
+    if (!hasIdentity) {
+      throw new Error(
+        "OpenID callback did not produce session cookie (cognitoAsfData missing or rejected)"
+      );
     }
-    // Example: get devices (may vary depending on API surface)
-    async getDevices() {
-        if (!this.authenticated) throw new Error("Not authenticated - call login()");
-        const resp = await this.axios.get(`${BASE_URL}/api/devices/devices`, {
-            headers: {
-                Accept: "application/json",
-                "x-csrf": "1",
-                Referer: `${BASE_URL}/dashboard`,
-            },
-            validateStatus: () => true,
-        });
-        if (resp.status !== 200) {
-            throw new Error(`Failed to get devices: ${resp.status}`);
-        }
-        return resp.data;
+    this.authenticated = true;
+    this.log("Login successful, session cookie meu.identity is present");
+    await this._delay(1000); // short wait for Blazor initialization
+    return true;
+  }
+  async login(username, password) {
+    const { loginUrl, csrf } = await this.startLoginFlow();
+    await this.submitCredentials(loginUrl, csrf, username, password);
+    const valid = await this.checkSession();
+    if (!valid) throw new Error("Session not valid after login");
+    this.log("Login flow complete");
+    return true;
+  }
+  async checkSession() {
+    if (!this.authenticated) return false;
+    try {
+      const resp = await this.axios.get(`${BASE_URL}/api/user/context`, {
+        headers: {
+          Accept: "application/json",
+          "x-csrf": "1",
+          Referer: `${BASE_URL}/dashboard`,
+        },
+        validateStatus: () => true,
+      });
+      return resp.status === 200;
+    } catch {
+      return false;
     }
-    // Logout
-    async logout() {
-        try {
-            await this.axios.get(`${BASE_URL}/bff/logout`, { validateStatus: () => true });
-        } catch (e) {
-            // ignore
-        } finally {
-            this.authenticated = false;
-        }
-    }
-    // Try to extract 'token-like' values:
-    // - Some flows may expose tokens in /api/user/context (accessToken/idToken)
-    // - other times, session is cookie-based only; return cookie-based identifiers if present.
-    async getAuthTokenCandidates() {
-        // prefer context
-        try {
-            const ctx = await this.getUserContext();
-            // return common token fields if present
-            const maybe = {};
-            if (ctx?.accessToken) maybe.accessToken = ctx.accessToken;
-            if (ctx?.idToken) maybe.idToken = ctx.idToken;
-            if (ctx?.refreshToken) maybe.refreshToken = ctx.refreshToken;
-            if (Object.keys(maybe).length) return maybe;
-        } catch (e) {
-            // ignore
-        }
-        // fallback: inspect cookies for Cognito identity / session cookies
-        const cookies = await this.jar.getCookies(BASE_URL);
-        const cookieMap = {};
-        for (const c of cookies) {
-            cookieMap[c.key] = c.value;
-        }
-        return { cookies: cookieMap };
-    }
-    // Utility: extract CSRF token from HTML using JSDOM or regex fallback
-    extractCsrf(html) {
-        if (!html) return null;
-        try {
-            const dom = new JSDOM(html);
-            const el = dom.window.document.querySelector('input[name="_csrf"]');
-            if (el && el.value) return el.value;
-        } catch (e) {
-            // ignore and try regex
-        }
-        // regex fallback
-        const m = html.match(/<input[^>]+name="_csrf"[^>]+value="([^"]+)"/i);
-        if (m) return m[1];
-        const m2 = html.match(/name="_csrf"[^>]*value='([^']+)'/i);
-        if (m2) return m2[1];
-        return null;
-    }
-    // Try to find Cognito login action URL inside HTML (form action) as fallback
-    findCognitoLoginUrl(html) {
-        if (!html) return null;
-        const m = html.match(/action="([^"]*amazoncognito\.com[^"]*)"/i);
-        if (m) return m[1];
-        return null;
-    }
-    // Try to extract an error message from Cognito error page HTML
-    extractErrorMessage(html) {
-        if (!html) return null;
-        const patterns = [
-            /<div[^>]*class="[^"]*error[^"]*"[^>]*>([^<]+)<\/div>/i,
-            /<span[^>]*class="[^"]*error[^"]*"[^>]*>([^<]+)<\/span>/i,
-            /<p[^>]*class="[^"]*error[^"]*"[^>]*>([^<]+)<\/p>/i,
-            /<div[^>]*id=".*error.*"[^>]*>([^<]+)<\/div>/i,
-        ];
-        for (const p of patterns) {
-            const m = html.match(p);
-            if (m) return m[1].trim();
-        }
-        return null;
-    }
-    _delay(ms) {
-        return new Promise((r) => setTimeout(r, ms));
+  }
+  async getUserContext() {
+    if (!this.authenticated) throw new Error("Not authenticated");
+    const resp = await this.axios.get(`${BASE_URL}/api/user/context`, {
+      headers: { Accept: "application/json", "x-csrf": "1", Referer: `${BASE_URL}/dashboard` },
+    });
+    return resp.data;
+  }
+  async getDevices() {
+    if (!this.authenticated) throw new Error("Not authenticated");
+    const resp = await this.axios.get(`${BASE_URL}/api/devices/devices`, {
+      headers: { Accept: "application/json", "x-csrf": "1", Referer: `${BASE_URL}/dashboard` },
+      validateStatus: () => true,
+    });
+    if (resp.status !== 200) throw new Error(`Failed to get devices: ${resp.status}`);
+    return resp.data;
+  }
+  async logout() {
+    try {
+      await this.axios.get(`${BASE_URL}/bff/logout`, { validateStatus: () => true });
+    } finally {
+      this.authenticated = false;
     }
+  }
 }
 export default MELCloudHomeAuth;