homebridge-tuya-without-developer-account 1.0.0 → 1.0.1

package/CHANGELOG.md

@@ -1,5 +1,17 @@
 # Changelog
 
+## 1.0.1
+
+- Fixes repeated `code=-9999999, msg=sign invalid` errors caused by incomplete token expiry handling and non-persistent token refreshes.
+- Saves refreshed Tuya QR access/refresh tokens immediately to the Homebridge storage auth file.
+- Retries a signed Tuya request once after forcing a token refresh when Tuya returns `sign invalid`.
+- Accepts both snake_case and camelCase token fields returned by Tuya QR login/refresh responses.
+- Adds the plugin icon to the custom Homebridge settings UI and README.
+
+## 1.0.0
+
+- Initial QR-only release.
+
 ## 1.0.0
 
 - Renamed plugin to **Tuya without developer account for Homebridge**.

package/README.md

@@ -1,3 +1,7 @@
+<p align="center">
+  <img src="./homebridge-ui/public/homebridge-tuya.png" width="96" alt="Tuya without developer account for Homebridge" />
+</p>
+
 # Tuya without developer account for Homebridge
 
 A Homebridge platform plugin for Tuya and Smart Life devices that uses **Home Assistant-style Tuya QR Cloud Authentication**.
@@ -231,3 +235,14 @@ This project is based on the Homebridge Tuya plugin codebase and adapts the Tuya
 ## License
 
 MIT
+
+
+## Token refresh and sign invalid errors
+
+Version 1.0.1 and later persist refreshed Tuya QR tokens back to the Homebridge storage auth file. This prevents repeated startup failures such as:
+
+```text
+[Tuya QR] Fetching home list failed. code=-9999999, msg=sign invalid
+```
+
+If this still happens after upgrading, open the plugin settings, clear the saved authentication, generate a new QR code, scan it with the Tuya Smart or Smart Life app, save the configuration, and restart Homebridge. Also confirm the Homebridge host clock is synchronized, because Tuya signed requests depend on the current time.

package/dist/cloud/api/TuyaHACloudAPI.js

@@ -13,12 +13,13 @@ exports.TUYA_HA_CLIENT_ID = 'HA_3y9q4ak7g4ephrvke';
 exports.TUYA_HA_SCHEMA = 'haauthorize';
 exports.TUYA_HA_QR_ENDPOINT = 'https://apigw.iotbing.com';
 class TuyaHACloudAPI {
-    constructor(userCode, terminalId, endpoint, tokenInfo, log = console, debug = false) {
+    constructor(userCode, terminalId, endpoint, tokenInfo, log = console, debug = false, tokenUpdateListener) {
         this.userCode = userCode;
         this.terminalId = terminalId;
         this.endpoint = endpoint;
         this.log = log;
         this.debug = debug;
+        this.tokenUpdateListener = tokenUpdateListener;
         this.tokenInfo = {
             access_token: '',
             refresh_token: '',
@@ -31,23 +32,49 @@ class TuyaHACloudAPI {
             this.setTokenInfo(tokenInfo);
         }
     }
-    setTokenInfo(tokenInfo) {
-        this.tokenInfo = {
-            access_token: tokenInfo.access_token,
-            refresh_token: tokenInfo.refresh_token,
-            uid: tokenInfo.uid,
-            expire: (tokenInfo.t || Date.now()) + (tokenInfo.expire_time || 0) * 1000,
+    setTokenUpdateListener(listener) {
+        this.tokenUpdateListener = listener;
+    }
+    normaliseTokenInfo(tokenInfo = {}) {
+        const now = Date.now();
+        const expireTimeRaw = tokenInfo.expire_time ?? tokenInfo.expireTime ?? tokenInfo.expire;
+        const expireTime = Number.isFinite(Number(expireTimeRaw)) && Number(expireTimeRaw) > 0
+            ? Number(expireTimeRaw)
+            : 7200;
+        return {
+            access_token: tokenInfo.access_token || tokenInfo.accessToken || this.tokenInfo.access_token || '',
+            refresh_token: tokenInfo.refresh_token || tokenInfo.refreshToken || this.tokenInfo.refresh_token || '',
+            uid: tokenInfo.uid || this.tokenInfo.uid || '',
+            expire: Number(tokenInfo.expireAt || 0) > now
+                ? Number(tokenInfo.expireAt)
+                : (Number(tokenInfo.t || 0) > 0 ? Number(tokenInfo.t) : now) + expireTime * 1000,
         };
     }
+    setTokenInfo(tokenInfo) {
+        this.tokenInfo = this.normaliseTokenInfo(tokenInfo);
+    }
     exportTokenInfo() {
         return {
             t: Date.now(),
             uid: this.tokenInfo.uid,
             expire_time: Math.max(0, Math.floor((this.tokenInfo.expire - Date.now()) / 1000)),
+            expireAt: this.tokenInfo.expire,
             access_token: this.tokenInfo.access_token,
             refresh_token: this.tokenInfo.refresh_token,
         };
     }
+    async notifyTokenUpdate() {
+        if (typeof this.tokenUpdateListener !== 'function') {
+            return;
+        }
+        try {
+            await this.tokenUpdateListener(this.exportTokenInfo());
+        }
+        catch (error) {
+            const msg = error instanceof Error ? error.message : String(error);
+            this.log.warn('Could not persist refreshed Tuya token: %s', msg);
+        }
+    }
     isLogin() {
         return this.tokenInfo.access_token.length > 0;
     }
@@ -93,43 +120,52 @@ class TuyaHACloudAPI {
         this.log.debug('HA raw response: %s', JSON.stringify(res));
         return res;
     }
-    async refreshAccessTokenIfNeed() {
+    async refreshAccessTokenIfNeed(force = false) {
         if (!this.isLogin()) {
-            return;
+            return false;
         }
-        if (!this.isTokenExpired()) {
-            return;
+        if (!force && !this.isTokenExpired()) {
+            return false;
         }
         if (this.refreshTokenInProgress) {
-            return;
+            return false;
         }
         this.refreshTokenInProgress = true;
         try {
             this.log.info('Refreshing Tuya Home Assistant QR access token.');
-            const response = await this.get(`/v1.0/m/token/${this.tokenInfo.refresh_token}`);
+            const response = await this.request('GET', `/v1.0/m/token/${this.tokenInfo.refresh_token}`, null, null, { skipRefresh: true, skipSignInvalidRetry: true });
             if (response && response.success) {
                 const result = response.result || {};
                 const tokenInfo = {
                     t: response.t || Date.now(),
-                    expire_time: result.expireTime || result.expire_time || 0,
+                    expire_time: result.expireTime || result.expire_time || result.expire || 7200,
                     uid: result.uid,
                     access_token: result.accessToken || result.access_token,
-                    refresh_token: result.refreshToken || result.refresh_token,
+                    refresh_token: result.refreshToken || result.refresh_token || this.tokenInfo.refresh_token,
                 };
                 this.setTokenInfo(tokenInfo);
+                await this.notifyTokenUpdate();
+                this.log.info('Tuya Home Assistant QR access token refreshed and saved.');
+                return true;
             }
+            this.log.warn('Refresh Tuya access token failed. code=%s, msg=%s', response?.code, response?.msg);
+            return false;
         }
         catch (error) {
             const msg = error instanceof Error ? error.message : String(error);
             this.log.error('Failed to refresh Tuya access token: %s', msg);
+            return false;
         }
         finally {
             this.refreshTokenInProgress = false;
         }
     }
-    async request(method, path, params, body) {
-        if (!this.refreshTokenInProgress) {
-            await this.refreshAccessTokenIfNeed();
+    isSignInvalidResponse(res) {
+        return res && res.success === false && (String(res.code) === '-9999999' || String(res.msg || '').toLowerCase().includes('sign invalid'));
+    }
+    async request(method, path, params, body, requestOptions = {}) {
+        if (!requestOptions.skipRefresh && !this.refreshTokenInProgress) {
+            await this.refreshAccessTokenIfNeed(false);
         }
         const rid = (0, util_1.generateUUID)();
         const sid = '';
@@ -199,6 +235,13 @@ class TuyaHACloudAPI {
             req.end();
         }), { retriesMax: 5, interval: 300, exponential: true, factor: 2, jitter: 100 });
         this.log.debug('HA encrypted response: %s', JSON.stringify(res));
+        if (!requestOptions.skipSignInvalidRetry && this.isSignInvalidResponse(res)) {
+            this.log.warn('Tuya returned sign invalid. Forcing token refresh and retrying request once.');
+            const refreshed = await this.refreshAccessTokenIfNeed(true);
+            if (refreshed) {
+                return this.request(method, path, params, body, { ...requestOptions, skipSignInvalidRetry: true });
+            }
+        }
         return res;
     }
     async get(path, params) {

package/dist/platform.js

@@ -130,10 +130,17 @@ class TuyaPlatform {
     try {
       const raw = await fs.promises.readFile(file, "utf8");
       const data = JSON.parse(raw);
-      if (!data.userCode || !data.endpoint || !data.terminalId || !data.tokenInfo?.access_token || !data.tokenInfo?.refresh_token) {
+      const tokenInfo = data.tokenInfo || {};
+      if (!data.userCode || !data.endpoint || !data.terminalId || !(tokenInfo.access_token || tokenInfo.accessToken) || !(tokenInfo.refresh_token || tokenInfo.refreshToken)) {
         this.log.warn("[Tuya QR] Existing auth file is incomplete. Clear authentication in the plugin settings and scan again.");
         return undefined;
       }
+      data.tokenInfo = {
+        ...tokenInfo,
+        access_token: tokenInfo.access_token || tokenInfo.accessToken,
+        refresh_token: tokenInfo.refresh_token || tokenInfo.refreshToken,
+        expire_time: tokenInfo.expire_time || tokenInfo.expireTime || tokenInfo.expire || 7200,
+      };
       return data;
     } catch {
       return undefined;
@@ -219,14 +226,22 @@ class TuyaPlatform {
       return undefined;
     }
 
-    const api = new TuyaHACloudAPI(userCode, authData.terminalId, authData.endpoint, authData.tokenInfo, this.log, debugMode);
+    const api = new TuyaHACloudAPI(userCode, authData.terminalId, authData.endpoint, authData.tokenInfo, this.log, debugMode, async (tokenInfo) => {
+      await this.writeAuthData(userCode, {
+        ...authData,
+        endpoint: api.endpoint,
+        tokenInfo,
+        savedAt: Date.now(),
+        refreshedAt: Date.now(),
+      });
+    });
     const deviceManager = new TuyaHADeviceManager(api, debugMode);
 
     this.log.info("[Tuya QR] Fetching home list.");
     const res = await deviceManager.getHomeList();
     if (res.success === false) {
       this.log.error(`[Tuya QR] Fetching home list failed. code=${res.code}, msg=${res.msg}`);
-      this.log.error("[Tuya QR] If the token is expired or invalid, clear authentication in the plugin settings and scan again.");
+      this.log.error("[Tuya QR] Token refresh was attempted automatically. If this continues, clear authentication in the plugin settings and scan again.");
       return undefined;
     }
 

package/homebridge-ui/public/index.html

@@ -1,4 +1,11 @@
 <style>
+  .tuya-nodev-logo {
+    display: block;
+    width: 72px;
+    height: 72px;
+    margin: 0 auto 12px;
+    border-radius: 16px;
+  }
   .tuya-nodev-card {
     border: 1px solid rgba(127, 127, 127, 0.25);
     border-radius: 12px;
@@ -45,7 +52,8 @@
 </style>
 
 <div class="tuya-nodev-card">
-  <div class="tuya-nodev-title">Tuya QR Cloud Authentication</div>
+  <img class="tuya-nodev-logo" src="./homebridge-tuya.png" alt="Tuya without developer account logo">
+  <div class="tuya-nodev-title" style="text-align:center;">Tuya QR Cloud Authentication</div>
   <p class="tuya-nodev-small mb-3">
     This plugin connects Tuya / Smart Life devices to Homebridge using the same QR authorization style used by the official Home Assistant Tuya integration. It does not need a Tuya IoT developer account, Access ID, Access Secret, cloud project, username, or password.
   </p>

package/homebridge-ui/server.js

@@ -35,9 +35,16 @@ function normaliseUserCode(userCode) {
       try {
         const raw = await fs.promises.readFile(this.getAuthFile(userCode), 'utf8');
         const data = JSON.parse(raw);
-        if (!data.userCode || !data.endpoint || !data.terminalId || !data.tokenInfo?.access_token || !data.tokenInfo?.refresh_token) {
+        const tokenInfo = data.tokenInfo || {};
+        if (!data.userCode || !data.endpoint || !data.terminalId || !(tokenInfo.access_token || tokenInfo.accessToken) || !(tokenInfo.refresh_token || tokenInfo.refreshToken)) {
           return null;
         }
+        data.tokenInfo = {
+          ...tokenInfo,
+          access_token: tokenInfo.access_token || tokenInfo.accessToken,
+          refresh_token: tokenInfo.refresh_token || tokenInfo.refreshToken,
+          expire_time: tokenInfo.expire_time || tokenInfo.expireTime || tokenInfo.expire || 7200,
+        };
         return data;
       } catch {
         return null;
@@ -178,14 +185,14 @@ function normaliseUserCode(userCode) {
         const info = loginResponse.result || {};
         const authData = {
           userCode,
-          terminalId: info.terminal_id,
+          terminalId: info.terminal_id || info.terminalId,
           endpoint: info.endpoint,
           tokenInfo: {
             t: loginResponse.t || info.t || Date.now(),
             uid: info.uid,
-            expire_time: info.expire_time,
-            access_token: info.access_token,
-            refresh_token: info.refresh_token,
+            expire_time: info.expire_time || info.expireTime || info.expire || 7200,
+            access_token: info.access_token || info.accessToken,
+            refresh_token: info.refresh_token || info.refreshToken,
           },
           username: info.username,
           savedAt: Date.now(),

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "homebridge-tuya-without-developer-account",
   "displayName": "Tuya without developer account for Homebridge",
-  "version": "1.0.0",
-  "description": "Homebridge plugin for Tuya and Smart Life devices using Home Assistant-style QR cloud authentication, without a Tuya IoT developer account.",
+  "version": "1.0.1",
+  "description": "Homebridge plugin for Tuya and Smart Life devices using QR cloud authentication without a Tuya IoT developer account.",
   "license": "MIT",
   "author": "Kosztyk",
   "repository": {