npm - mlbserver - Versions diffs - 2026.4.1-2 → 2026.4.16 - Mend

mlbserver 2026.4.1-2 → 2026.4.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/README.md CHANGED Viewed

@@ -50,6 +50,7 @@ Basic command line or Docker environment options:
 --session or -s (clears session)
 --cache or -c (clears cache)
 --env or -e (use environment variables instead of command line arguments; automatically applied in the Docker image)
+--login_page or -lp (false if not specified, login is done via a login page and uses cookies)
 ```
 Advanced command line or Docker environment options:
@@ -68,6 +69,7 @@ Advanced command line or Docker environment options:
 --page_username (username to protect pages; default is no protection)
 --page_password (password to protect pages; default is no protection)
 --content_protect (specify the content protection key to include as a URL parameter, if page protection is enabled)
+--login_page (optional, enable login page authentication; default is false, uses browswer popup when unset)
 --gamechanger_delay (specify extra delay for the gamechanger switches in 10 second increments, default is 0)
 --data_directory (defaults to installed application directory; in the Docker image, this defaults to /mlbserver/data_directory for mapping persistent storage)
 ```

package/docker-compose.yml CHANGED Viewed

@@ -15,6 +15,7 @@ services:
       #- page_username=
       #- page_password=
       #- content_protect=
+      #- login_page=false
       #- gamechanger_delay=0
       #- PUID=1000
       #- PGID=1000

package/index.js CHANGED Viewed

@@ -129,9 +129,10 @@ var argv = minimist(process.argv, {
     s: 'session',
     c: 'cache',
     v: 'version',
-    e: 'env'
+    e: 'env',
+    lp: 'login_page'
   },
-  boolean: ['ffmpeg_logging', 'debug', 'logout', 'session', 'cache', 'version', 'free', 'env'],
+  boolean: ['ffmpeg_logging', 'debug', 'logout', 'session', 'cache', 'version', 'free', 'env', 'login_page'],
   string: ['account_username', 'account_password', 'fav_teams', 'multiview_path', 'ffmpeg_path', 'ffmpeg_encoder', 'page_username', 'page_password', 'content_protect', 'data_directory', 'http_root']
 })
@@ -1353,31 +1354,92 @@ app.get('/gamechangerplaylist.m3u8', async function(req, res) {
 })
 // Protect pages by password, or content by content_protect url parameter
+function isAuthenticated(req) {
+  if (!req.headers.cookie) return false;
+  const cookies = req.headers.cookie.split(';').map(c => c.trim());
+  const authCookie = cookies.find(c => c.startsWith('auth_token='));
+  if (!authCookie) return false;
+  const token = authCookie.split('=')[1];
+  return token === session.protection.content_protect;
+}
+const AUTH_TOKEN_TTL = 24 * 60 * 60 * 1000; // 1 day
+const authenticatedSessions = new Map();
+function isSecure(req) {
+  const forwarded = req.headers['x-forwarded-proto'];
+  if (forwarded) {
+    return forwarded.split(',')[0].trim().toLowerCase() === 'https';
+  }
+  return (req.connection && req.connection.encrypted) || false;
+}
+function cleanupExpiredSessions() {
+  const now = Date.now();
+  for (const [token, sessionData] of authenticatedSessions.entries()) {
+    if (sessionData.expiry <= now) {
+      authenticatedSessions.delete(token);
+    }
+  }
+}
+function isAuthenticated(req) {
+  if (!req.headers.cookie) return false;
+  const cookies = req.headers.cookie.split(';').map(c => c.trim());
+  const authCookie = cookies.find(c => c.startsWith('auth_token='));
+  if (!authCookie) return false;
+  const token = authCookie.split('=')[1];
+  const sessionData = authenticatedSessions.get(token);
+  if (!sessionData) return false;
+  if (sessionData.expiry <= Date.now()) {
+    authenticatedSessions.delete(token);
+    return false;
+  }
+  sessionData.expiry = Date.now() + AUTH_TOKEN_TTL;
+  return true;
+}
 async function protect(req, res) {
+  cleanupExpiredSessions();
   if (argv.page_username && argv.page_password) {
     if ( !session.protection.content_protect || !req.query.content_protect || (req.query.content_protect != session.protection.content_protect) ) {
       if ( !session.protection.content_protect || !req.query.content_protect || !req.query.content_protect[0] || (req.query.content_protect[0] != session.protection.content_protect) ) {
-        const reject = () => {
-          res.setHeader('www-authenticate', 'Basic')
-          res.error(401, ' Not Authorized')
-          return false
-        }
+        if (argv.login_page && isAuthenticated(req)) {
+          // Already authenticated via cookie
+        } else {
+          if (argv.login_page) {
+            const redirectUrl = encodeURIComponent(req.url);
+            res.writeHead(302, { 'Location': http_root + '/login?redirect=' + redirectUrl });
+            res.end();
+            return false;
+          } else {
+            const reject = () => {
+              res.setHeader('www-authenticate', 'Basic');
+              res.error(401, ' Not Authorized');
+              return false;
+            }
-        const authorization = req.headers.authorization
+            const authorization = req.headers.authorization;
-        if(!authorization) {
-          return reject()
-        }
+            if (!authorization) {
+              return reject();
+            }
-        const [username, password] = Buffer.from(authorization.replace('Basic ', ''), 'base64').toString().split(':')
+            const [username, password] = Buffer.from(authorization.replace('Basic ', ''), 'base64').toString().split(':');
-        if(! (username === argv.page_username && password === argv.page_password)) {
-          return reject()
+            if (! (username === argv.page_username && password === argv.page_password)) {
+              return reject();
+            }
+          }
         }
       }
     }
   }
-  return true
+  return true;
 }
 function getLastName(fullName) {
@@ -1390,6 +1452,89 @@ function getLastName(fullName) {
   return fullName.substring(indexOfSpace + 1);
 }
+// Login page
+app.get('/login', async function(req, res) {
+  try {
+    if (!argv.login_page) {
+      res.error(404, 'Not Found');
+      return;
+    }
+    const redirect = req.query.redirect || '/';
+    const error = req.query.error ? '<p style="color:red;">Invalid username or password</p>' : '';
+    res.writeHead(200, {'Content-Type': 'text/html'});
+    res.end(`<!DOCTYPE html><html><head><meta charset="UTF-8"><title>Login - ${appname}</title><style>body{color:lightgray;background-color:black;font-family:Arial,Helvetica,sans-serif;}input{background-color:black;color:lightgray;border:1px solid lightgray;}button{background-color:black;color:lightgray;border:1px solid lightgray;}</style></head><body><h1>Login to ${appname}</h1>${error}<form method="POST" action="${http_root}/login"><input type="hidden" name="redirect" value="${redirect}"><p>Username: <input type="text" name="username" required></p><p>Password: <input type="password" name="password" required></p><p><button type="submit">Login</button></p></form></body></html>`);
+  } catch (e) {
+    session.log('login get request error : ' + e.message);
+    res.end('login get request error, check log');
+  }
+});
+function getCookieOptions(req) {
+  const options = ['HttpOnly', 'Path=/', 'SameSite=Strict'];
+  if (isSecure(req)) options.push('Secure');
+  return options.join('; ');
+}
+// Login POST handler
+app.post('/login', async function(req, res) {
+  try {
+    if (!argv.login_page) {
+      res.error(404, 'Not Found');
+      return;
+    }
+    let body = '';
+    req.on('data', chunk => { body += chunk.toString(); });
+    req.on('end', () => {
+      const params = new URLSearchParams(body);
+      const username = params.get('username');
+      const password = params.get('password');
+      const redirect = params.get('redirect') || '/';
+      if (username === argv.page_username && password === argv.page_password) {
+        const token = crypto.randomBytes(16).toString('hex');
+        authenticatedSessions.set(token, { expiry: Date.now() + AUTH_TOKEN_TTL });
+        res.writeHead(302, {
+          'Location': redirect,
+          'Set-Cookie': `auth_token=${token}; ${getCookieOptions(req)}`
+        });
+        res.end();
+      } else {
+        res.writeHead(302, { 'Location': `${http_root}/login?redirect=${encodeURIComponent(redirect)}&error=1` });
+        res.end();
+      }
+    });
+  } catch (e) {
+    session.log('login post request error : ' + e.message);
+    res.end('login post request error, check log');
+  }
+});
+// Logout
+app.get('/logout', async function(req, res) {
+  try {
+    if (!argv.login_page) {
+      res.error(404, 'Not Found');
+      return;
+    }
+    let token = '';
+    if (req.headers.cookie) {
+      const cookies = req.headers.cookie.split(';').map(c => c.trim());
+      const authCookie = cookies.find(c => c.startsWith('auth_token='));
+      if (authCookie) token = authCookie.split('=')[1];
+    }
+    if (token && authenticatedSessions.has(token)) {
+      authenticatedSessions.delete(token);
+    }
+    res.writeHead(302, {
+      'Location': '/',
+      'Set-Cookie': `auth_token=; ${getCookieOptions(req)}; Max-Age=0`
+    });
+    res.end();
+  } catch (e) {
+    session.log('logout request error : ' + e.message);
+    res.end('logout request error, check log');
+  }
+});
 // Server homepage, base URL
 app.get('/', async function(req, res) {
   try {
@@ -1570,6 +1715,10 @@ app.get('/', async function(req, res) {
 		body += '</script></head><body><h1>' + appname + '</h1>' + "\n"
+    if (argv.login_page) {
+      body += '<p><a href="' + http_root + '/logout">Logout</a></p>' + "\n"
+    }
     body += '<p><span class="tooltip tinytext">Touch or hover over an option name for more details</span></p>' + "\n"
     todayUTCHours -= 4

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "mlbserver",
-  "version": "2026.4.1-2",
+  "version": "2026.4.16",
   "description": "",
   "repository": {
     "type": "git",

package/session.js CHANGED Viewed

@@ -3558,38 +3558,41 @@ class sessionClass {
       if ( !this.cache || !this.cache.bigInningScheduleCacheExpiry || (currentDate > new Date(this.cache.bigInningScheduleCacheExpiry)) ) {
         if ( !this.cache.bigInningSchedule ) this.cache.bigInningSchedule = {}
         let reqObj = {
-          url: 'https://www.fubo.tv/welcome/channel/mlb-big-inning',
+          url: 'https://watch.product.api.espn.com/api/product/v3/watchespn/web/catalog/ae4eb028-0af3-42e7-8965-9304c5817969?lang=en&features=continueWatching%2Csfb-all%2Cpbov7%2Chigh-volume-row%2Csc4u%2Cguide-menu-header%2Ccutl%2Cheader-quickserve%2Cautoplay%2Cwatch-web-redesign%2CimageRatio58x13%2CpromoTiles%2CopenAuthz%2Cvideo-header%2Cexplore-row%2Cbutton-service%2Cinline-header%2Cflagship&deviceBrand=web&streamMenu=true&headerBgImageWidth=1280&countryCode=US&entitlements=no&tz=UTC-0400&userab=espn_watch_for_you_web-392*watch-fy-a-1642',
           headers: {
-            'accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
+            'accept': '*/*',
             'accept-encoding': 'gzip, deflate, br, zstd',
-            'referer': 'https://www.fubo.tv',
+            'origin': 'https://www.espn.com',
+            'referer': 'https://www.espn.com/',
             'user-agent': USER_AGENT
           },
+          json: true,
           gzip: true
         }
         var response = await this.httpGet(reqObj, false)
         if ( response ) {
-          // disabled because it's big
-          //this.debuglog(response)
+          this.debuglog(JSON.stringify(response))
-          let nextdatastring = response.match(/<script id=\"__NEXT_DATA__\" type=\"application\/json\">(.*?)<\/script>/)
-          let nextdata = JSON.parse(nextdatastring[1])
-          let initialState = JSON.parse(nextdata.props.pageProps.initialState.replace(/\\"/g, '"'))
-          initialState.channel.channelPrograms.live.data.forEach((program) => {
-            program.airings.forEach((airing) => {
-              let est_date = new Date(airing.accessRightsV2.live.startTime).toLocaleString("en-US", {timeZone: 'America/New_York'})
-              let date_array = est_date.split(',')[0].split('/')
-              let this_datestring = date_array[2] + '-' + date_array[0].padStart(2, '0') + '-' + date_array[1].padStart(2, '0')
-              if ( !this.cache.bigInningSchedule[this_datestring] || !this.cache.bigInningSchedule[this_datestring].length ) {
-                this.cache.bigInningSchedule[this_datestring] = []
+          if ( response.page && response.page.buckets && response.page.buckets[0] && response.page.buckets[0].contents ) {
+            for (var i=0; i < response.page.buckets[0].contents.length; i++) {
+              let content = response.page.buckets[0].contents[i]
+              let big_inning_date = content.utc.substring(0, 10)
+              let big_inning_start = content.utc
+              for (var j=0; j < content.streams.length; j++) {
+                let stream = content.streams[j]
+                let big_inning_end = new Date(content.utc)
+                big_inning_end.setSeconds(stream.durationInSeconds)
+                if ( !this.cache.bigInningSchedule[big_inning_date] || !this.cache.bigInningSchedule[big_inning_date].length ) {
+                  this.cache.bigInningSchedule[big_inning_date] = []
+                }
+                this.cache.bigInningSchedule[big_inning_date].push({
+                  start: big_inning_start,
+                  end: big_inning_end
+                })
+                break
               }
-              this.cache.bigInningSchedule[this_datestring].push({
-                start: airing.accessRightsV2.live.startTime,
-                end: airing.accessRightsV2.live.endTime
-              })
-            });
-          });
+            }
+          }
           this.debuglog(JSON.stringify(this.cache.bigInningSchedule))
           // Default cache period is 1 day from now