mlbserver 2026.4.1-2 → 2026.4.23

package/README.md

@@ -50,6 +50,7 @@ Basic command line or Docker environment options:
 --session or -s (clears session)
 --cache or -c (clears cache)
 --env or -e (use environment variables instead of command line arguments; automatically applied in the Docker image)
+--login_page or -lp (false if not specified, login is done via a login page and uses cookies)
 ```
 
 Advanced command line or Docker environment options:
@@ -68,6 +69,7 @@ Advanced command line or Docker environment options:
 --page_username (username to protect pages; default is no protection)
 --page_password (password to protect pages; default is no protection)
 --content_protect (specify the content protection key to include as a URL parameter, if page protection is enabled)
+--login_page (optional, enable login page authentication; default is false, uses browswer popup when unset)
 --gamechanger_delay (specify extra delay for the gamechanger switches in 10 second increments, default is 0)
 --data_directory (defaults to installed application directory; in the Docker image, this defaults to /mlbserver/data_directory for mapping persistent storage)
 ```

package/docker-compose.yml

@@ -15,6 +15,7 @@ services:
       #- page_username=
       #- page_password=
       #- content_protect=
+      #- login_page=false
       #- gamechanger_delay=0
       #- PUID=1000
       #- PGID=1000

package/index.js

@@ -129,9 +129,10 @@ var argv = minimist(process.argv, {
     s: 'session',
     c: 'cache',
     v: 'version',
-    e: 'env'
+    e: 'env',
+    lp: 'login_page'
   },
-  boolean: ['ffmpeg_logging', 'debug', 'logout', 'session', 'cache', 'version', 'free', 'env'],
+  boolean: ['ffmpeg_logging', 'debug', 'logout', 'session', 'cache', 'version', 'free', 'env', 'login_page'],
   string: ['account_username', 'account_password', 'fav_teams', 'multiview_path', 'ffmpeg_path', 'ffmpeg_encoder', 'page_username', 'page_password', 'content_protect', 'data_directory', 'http_root']
 })
 
@@ -539,6 +540,10 @@ function getMasterPlaylist(streamURL, req, res, options = {}) {
       }
 
       let resolution = options.resolution || VALID_RESOLUTIONS[0]
+      // assume 1080p60 resolution is best, to enable fallback to 720p60 when necessary
+      if ( resolution == VALID_RESOLUTIONS[1] ) {
+        resolution = 'best'
+      }
       let audio_track = options.audio_track || VALID_AUDIO_TRACKS[0]
       // if specific audio track is requested, check if master playlist contains it
       if ( (audio_track != VALID_AUDIO_TRACKS[0]) && (audio_track != VALID_AUDIO_TRACKS[6]) ) {
@@ -1353,31 +1358,92 @@ app.get('/gamechangerplaylist.m3u8', async function(req, res) {
 })
 
 // Protect pages by password, or content by content_protect url parameter
+function isAuthenticated(req) {
+  if (!req.headers.cookie) return false;
+  const cookies = req.headers.cookie.split(';').map(c => c.trim());
+  const authCookie = cookies.find(c => c.startsWith('auth_token='));
+  if (!authCookie) return false;
+  const token = authCookie.split('=')[1];
+  return token === session.protection.content_protect;
+}
+
+const AUTH_TOKEN_TTL = 24 * 60 * 60 * 1000; // 1 day
+const authenticatedSessions = new Map();
+
+function isSecure(req) {
+  const forwarded = req.headers['x-forwarded-proto'];
+  if (forwarded) {
+    return forwarded.split(',')[0].trim().toLowerCase() === 'https';
+  }
+  return (req.connection && req.connection.encrypted) || false;
+}
+
+function cleanupExpiredSessions() {
+  const now = Date.now();
+  for (const [token, sessionData] of authenticatedSessions.entries()) {
+    if (sessionData.expiry <= now) {
+      authenticatedSessions.delete(token);
+    }
+  }
+}
+
+function isAuthenticated(req) {
+  if (!req.headers.cookie) return false;
+  const cookies = req.headers.cookie.split(';').map(c => c.trim());
+  const authCookie = cookies.find(c => c.startsWith('auth_token='));
+  if (!authCookie) return false;
+
+  const token = authCookie.split('=')[1];
+  const sessionData = authenticatedSessions.get(token);
+  if (!sessionData) return false;
+
+  if (sessionData.expiry <= Date.now()) {
+    authenticatedSessions.delete(token);
+    return false;
+  }
+
+  sessionData.expiry = Date.now() + AUTH_TOKEN_TTL;
+  return true;
+}
+
 async function protect(req, res) {
+  cleanupExpiredSessions();
+
   if (argv.page_username && argv.page_password) {
     if ( !session.protection.content_protect || !req.query.content_protect || (req.query.content_protect != session.protection.content_protect) ) {
       if ( !session.protection.content_protect || !req.query.content_protect || !req.query.content_protect[0] || (req.query.content_protect[0] != session.protection.content_protect) ) {
-        const reject = () => {
-          res.setHeader('www-authenticate', 'Basic')
-          res.error(401, ' Not Authorized')
-          return false
-        }
+        if (argv.login_page && isAuthenticated(req)) {
+          // Already authenticated via cookie
+        } else {
+          if (argv.login_page) {
+            const redirectUrl = encodeURIComponent(req.url);
+            res.writeHead(302, { 'Location': http_root + '/login?redirect=' + redirectUrl });
+            res.end();
+            return false;
+          } else {
+            const reject = () => {
+              res.setHeader('www-authenticate', 'Basic');
+              res.error(401, ' Not Authorized');
+              return false;
+            }
 
-        const authorization = req.headers.authorization
+            const authorization = req.headers.authorization;
 
-        if(!authorization) {
-          return reject()
-        }
+            if (!authorization) {
+              return reject();
+            }
 
-        const [username, password] = Buffer.from(authorization.replace('Basic ', ''), 'base64').toString().split(':')
+            const [username, password] = Buffer.from(authorization.replace('Basic ', ''), 'base64').toString().split(':');
 
-        if(! (username === argv.page_username && password === argv.page_password)) {
-          return reject()
+            if (! (username === argv.page_username && password === argv.page_password)) {
+              return reject();
+            }
+          }
         }
       }
     }
   }
-  return true
+  return true;
 }
 
 function getLastName(fullName) {
@@ -1390,6 +1456,89 @@ function getLastName(fullName) {
   return fullName.substring(indexOfSpace + 1);
 }
 
+// Login page
+app.get('/login', async function(req, res) {
+  try {
+    if (!argv.login_page) {
+      res.error(404, 'Not Found');
+      return;
+    }
+    const redirect = req.query.redirect || '/';
+    const error = req.query.error ? '<p style="color:red;">Invalid username or password</p>' : '';
+    res.writeHead(200, {'Content-Type': 'text/html'});
+    res.end(`<!DOCTYPE html><html><head><meta charset="UTF-8"><title>Login - ${appname}</title><style>body{color:lightgray;background-color:black;font-family:Arial,Helvetica,sans-serif;}input{background-color:black;color:lightgray;border:1px solid lightgray;}button{background-color:black;color:lightgray;border:1px solid lightgray;}</style></head><body><h1>Login to ${appname}</h1>${error}<form method="POST" action="${http_root}/login"><input type="hidden" name="redirect" value="${redirect}"><p>Username: <input type="text" name="username" required></p><p>Password: <input type="password" name="password" required></p><p><button type="submit">Login</button></p></form></body></html>`);
+  } catch (e) {
+    session.log('login get request error : ' + e.message);
+    res.end('login get request error, check log');
+  }
+});
+
+function getCookieOptions(req) {
+  const options = ['HttpOnly', 'Path=/', 'SameSite=Strict'];
+  if (isSecure(req)) options.push('Secure');
+  return options.join('; ');
+}
+
+// Login POST handler
+app.post('/login', async function(req, res) {
+  try {
+    if (!argv.login_page) {
+      res.error(404, 'Not Found');
+      return;
+    }
+    let body = '';
+    req.on('data', chunk => { body += chunk.toString(); });
+    req.on('end', () => {
+      const params = new URLSearchParams(body);
+      const username = params.get('username');
+      const password = params.get('password');
+      const redirect = params.get('redirect') || '/';
+      if (username === argv.page_username && password === argv.page_password) {
+        const token = crypto.randomBytes(16).toString('hex');
+        authenticatedSessions.set(token, { expiry: Date.now() + AUTH_TOKEN_TTL });
+        res.writeHead(302, {
+          'Location': redirect,
+          'Set-Cookie': `auth_token=${token}; ${getCookieOptions(req)}`
+        });
+        res.end();
+      } else {
+        res.writeHead(302, { 'Location': `${http_root}/login?redirect=${encodeURIComponent(redirect)}&error=1` });
+        res.end();
+      }
+    });
+  } catch (e) {
+    session.log('login post request error : ' + e.message);
+    res.end('login post request error, check log');
+  }
+});
+
+// Logout
+app.get('/logout', async function(req, res) {
+  try {
+    if (!argv.login_page) {
+      res.error(404, 'Not Found');
+      return;
+    }
+    let token = '';
+    if (req.headers.cookie) {
+      const cookies = req.headers.cookie.split(';').map(c => c.trim());
+      const authCookie = cookies.find(c => c.startsWith('auth_token='));
+      if (authCookie) token = authCookie.split('=')[1];
+    }
+    if (token && authenticatedSessions.has(token)) {
+      authenticatedSessions.delete(token);
+    }
+    res.writeHead(302, {
+      'Location': '/',
+      'Set-Cookie': `auth_token=; ${getCookieOptions(req)}; Max-Age=0`
+    });
+    res.end();
+  } catch (e) {
+    session.log('logout request error : ' + e.message);
+    res.end('logout request error, check log');
+  }
+});
+
 // Server homepage, base URL
 app.get('/', async function(req, res) {
   try {
@@ -1570,6 +1719,10 @@ app.get('/', async function(req, res) {
 
 		body += '</script></head><body><h1>' + appname + '</h1>' + "\n"
 
+    if (argv.login_page) {
+      body += '<p><a href="' + http_root + '/logout">Logout</a></p>' + "\n"
+    }
+
     body += '<p><span class="tooltip tinytext">Touch or hover over an option name for more details</span></p>' + "\n"
 
     todayUTCHours -= 4
@@ -2382,7 +2535,10 @@ app.get('/', async function(req, res) {
     }
 
     if ( mediaType == VALID_MEDIA_TYPES[0] ) {
-        body += '<p><span class="tooltip">Video<span class="tooltiptext">For video streams only: you can manually specifiy a video track (resolution) to use. Adaptive will let your client choose. 1080p60 or 720p60 is the best quality. 540p is default for multiview (see below).<br/><br/>None will allow to remove the video tracks, if you just want to listen to the audio while using the "start at inning" or "skip breaks" options enabled.</span></span>: '
+        body += '<p><span class="tooltip">Video<span class="tooltiptext">For video streams only: you can manually specifiy a video track (resolution) to use. Adaptive will let your client choose. Best will select either 1080p60 (MLB) or 720p60 (MiLB). 504p is default for multiview (see below).<br/><br/>None will allow to remove the video tracks, if you just want to listen to the audio while using the "start at inning" or "skip breaks" options enabled.</span></span>: '
+        body += '<button '
+        if ( resolution == 'best' ) body += 'class="default" '
+        body += 'onclick="resolution=\'best\';reload()">best</button> '
         for (var i = 0; i < VALID_RESOLUTIONS.length; i++) {
           body += '<button '
           if ( resolution == VALID_RESOLUTIONS[i] ) body += 'class="default" '
@@ -2593,6 +2749,8 @@ app.get('/', async function(req, res) {
     }
     
     body += '<p><span class="tooltip">Comskip link examples<span class="tooltiptext">You can generate a <a href="https://github.com/erikkaashoek/Comskip">Comskip</a>-style file to automatically skip sections (breaks, idle time, or non-action pitches) of games you record using DVR software when watched in compatible players. For example, if you record a game from your local OTA channel using Tvheadend, you can then fetch one of these Comskip files, put it in the same directory with the same name as your recorded video file, and Kodi will automatically skip those sections while you watch the video.<br><br>Specifying the team and broadcast_start_timestamp in the URL is required! For the timestamp, use the  time your DVR software began the recording. This should be your local time in YYYY-MM-DDTHH:MM:SS format.<br><br>Specifying a skip_adjust value in the URL is recommended, to adjust for broadcast delays. This will vary across different channels and different video sources.<br><br>For the txt file format, specifying the video frame rate (fps) in the URL is also required. This will commonly be either 30, 59.94, or 60, depending on your video source.<br><br>Optionally, setting pad to "on" will generate random extra skips at the end, to help avoid timeline spoilers.</span></span>: <a href="' + http_root + '/comskip.edl?team=CHC&date=2025-10-01&pad=on&skip=pitches&skip_adjust=11&broadcast_start_timestamp=2025-10-01T14:00:00' + content_protect_a + '">comskip.edl</a> or <a href="' + http_root + '/comskip.txt?team=CHC&date=2025-10-01&pad=on&skip=pitches&skip_adjust=11&broadcast_start_timestamp=2025-10-01T14:00:00&fps=59.94' + content_protect_a + '">comskip.txt</a></p>' + "\n"
+    
+    body += '<p><span class="tooltip">MPEG-TS examples<span class="tooltiptext">Experimental feature: a MPEGTS output format where you can adjust the audio sync with a URL parameter. Useful if the radio track is a consistent number of seconds ahead or behind the video track. Use positive sync values if radio is early, or negative values if radio is late.</span></span>: <a href="' + http_root + '/stream.ts?team=' + example_team + content_protect_a + '">Stream</a> or <a href="' + http_root + '/stream.ts?team=' + example_team + '&audio_track=radio&sync=2.3' + content_protect_a + '">Stream w/ radio sync</a></p>' + "\n"
 
     body += '</p></td></tr></table><br/>' + "\n"
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mlbserver",
-  "version": "2026.4.1-2",
+  "version": "2026.4.23",
   "description": "",
   "repository": {
     "type": "git",

package/session.js

@@ -3556,40 +3556,43 @@ class sessionClass {
       
       let currentDate = new Date()
       if ( !this.cache || !this.cache.bigInningScheduleCacheExpiry || (currentDate > new Date(this.cache.bigInningScheduleCacheExpiry)) ) {
-        if ( !this.cache.bigInningSchedule ) this.cache.bigInningSchedule = {}
+        this.cache.bigInningSchedule = {}
         let reqObj = {
-          url: 'https://www.fubo.tv/welcome/channel/mlb-big-inning',
+          url: 'https://watch.product.api.espn.com/api/product/v3/watchespn/web/catalog/ae4eb028-0af3-42e7-8965-9304c5817969?lang=en&features=continueWatching%2Csfb-all%2Cpbov7%2Chigh-volume-row%2Csc4u%2Cguide-menu-header%2Ccutl%2Cheader-quickserve%2Cautoplay%2Cwatch-web-redesign%2CimageRatio58x13%2CpromoTiles%2CopenAuthz%2Cvideo-header%2Cexplore-row%2Cbutton-service%2Cinline-header%2Cflagship&deviceBrand=web&streamMenu=true&headerBgImageWidth=1280&countryCode=US&entitlements=no&tz=UTC-0400&userab=espn_watch_for_you_web-392*watch-fy-a-1642',
           headers: {
-            'accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
+            'accept': '*/*',
             'accept-encoding': 'gzip, deflate, br, zstd',
-            'referer': 'https://www.fubo.tv',
+            'origin': 'https://www.espn.com',
+            'referer': 'https://www.espn.com/',
             'user-agent': USER_AGENT
           },
+          json: true,
           gzip: true
         }
         var response = await this.httpGet(reqObj, false)
         if ( response ) {
-          // disabled because it's big
-          //this.debuglog(response)
+          this.debuglog(JSON.stringify(response))
           
-          let nextdatastring = response.match(/<script id=\"__NEXT_DATA__\" type=\"application\/json\">(.*?)<\/script>/)
-          let nextdata = JSON.parse(nextdatastring[1])
-          let initialState = JSON.parse(nextdata.props.pageProps.initialState.replace(/\\"/g, '"'))
-
-          initialState.channel.channelPrograms.live.data.forEach((program) => {
-            program.airings.forEach((airing) => {
-              let est_date = new Date(airing.accessRightsV2.live.startTime).toLocaleString("en-US", {timeZone: 'America/New_York'})
-              let date_array = est_date.split(',')[0].split('/')
-              let this_datestring = date_array[2] + '-' + date_array[0].padStart(2, '0') + '-' + date_array[1].padStart(2, '0')
-              if ( !this.cache.bigInningSchedule[this_datestring] || !this.cache.bigInningSchedule[this_datestring].length ) {
-                this.cache.bigInningSchedule[this_datestring] = []
+          if ( response.page && response.page.buckets && response.page.buckets[0] && response.page.buckets[0].contents ) {
+            for (var i=0; i < response.page.buckets[0].contents.length; i++) {
+              let content = response.page.buckets[0].contents[i]
+              let big_inning_date = content.utc.substring(0, 10)
+              let big_inning_start = content.utc
+              for (var j=0; j < content.streams.length; j++) {
+                let stream = content.streams[j]
+                let big_inning_end = new Date(content.utc)
+                big_inning_end.setSeconds(stream.durationInSeconds)
+                if ( !this.cache.bigInningSchedule[big_inning_date] || !this.cache.bigInningSchedule[big_inning_date].length ) {
+                  this.cache.bigInningSchedule[big_inning_date] = []
+                }
+                this.cache.bigInningSchedule[big_inning_date].push({
+                  start: big_inning_start, 
+                  end: big_inning_end
+                })
+                break
               }
-              this.cache.bigInningSchedule[this_datestring].push({
-                start: airing.accessRightsV2.live.startTime, 
-                end: airing.accessRightsV2.live.endTime
-              })
-            });
-          });
+            }
+          }
           this.debuglog(JSON.stringify(this.cache.bigInningSchedule))
 
           // Default cache period is 1 day from now