-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Propositions for enchancements #5
Comments
Hi @yawor, thank you very much for your feedback, I really appreciate it!, every single thing you've pointed out it's quite interesting, and I completely agree, sadly I don't have much free time to maintain this script 😢. If you are interested in contributing to the project with any small improvement it would be awesome. |
I know that's a lot of work and I'm fully prepared to work on these points. To be honest, I've already started :). |
BTW @marcosav, would you be able to share the original HTTP traffic you've captured from the Blue app (of course with your credentials or deviceId stripped)? Right now, when calling For some reason I can't capture any traffic from the Blue app using mitmproxy. The app probably uses certificate pinning, which causes it not to accept mitmproxy generated certificate (I've had mitmproxy CA certificate installed as trusted during the tests). |
Of course! As soon as I open the Blue app the following executes:
{
"email": "myemail@domain.com",
"locale": "EN",
"acceptSharing": false,
"acceptPrivacy": true,
"enabled": true,
"createdAt": "2023-03-25T10:19:24.063+00:00",
"country": "es",
"city": "City",
"area": "Norte",
"zone": "Portugal and Spain",
"subzone": "Spain",
"pin": null,
"pinDate": null,
"uniqueSession": false,
"provider": null,
"name": null
}
[
{
"id": "A UUID",
"deviceId": "MyDeviceID",
"tag": "Portal",
"status": "PAIRED",
"updatedAt": 1679740105258,
"createdAt": 1679740067990,
"appBuild": 599,
"appVersion": "3.2.1",
"phoneModel": "MyAndroidPhoneModel",
"phoneOS": "MyAndroidPhoneOS",
"home": null,
"address": null,
"accessDoorMap": {
"ZERO": {
"title": "",
"accessId": {
"block": 200,
"subblock": -1,
"number": 0
},
"visible": true
},
"ONE": {
"title": "",
"accessId": {
"block": 200,
"subblock": -1,
"number": 1
},
"visible": false
},
"GENERAL": {
"title": "",
"accessId": {
"block": 100,
"subblock": -1,
"number": 0
},
"visible": false
}
},
"master": true
}
] {
"deviceId": "MyDeviceID",
"connectionState": "Connected",
"status": "ACTIVATED",
"primaryThumbprint": null,
"installationId": "",
"family": "MONITOR",
"type": "VEO-XS",
"subtype": "WIFI",
"numBlock": 0,
"numSubblock": 0,
"unitNumber": 2,
"connectable": true,
"iccid": "",
"divertService": "blueStream",
"photocaller": true,
"wirelessSignal": 4,
"blueStream": true,
"phone": false,
"panelOrEdibox": false,
"monitor": true,
"terminal": true
} [
"AccessName",
"AutoOn",
"CallDivert",
"CallRegistry",
"ChangeVideoSource",
"CheckInformation",
"DND",
"Doormatic",
"EventRegistry",
"F1",
"F1Options",
"Geo",
"Guard",
"Guest5",
"ManageCallDivert",
"OpenDoor",
"Photocaller",
"Ringtone",
"SessionsUnlimited",
"TZ"
]
{
"number": 0,
"block": 200,
"subblock": -1
} Response:
Also, this may be useful, when I press the video button: {
"directedToBluestream": "MyAppToken",
"deviceID": "MyDeviceID"
} Response: {
"reason": "call_starting",
"divertService": "blueStream",
"code": 1,
"additional_info": {
"technology": "duox",
"remote": {
"number": 0,
"address": "00 F0 A0",
"block": 0,
"type": "panel",
"subblock": -1
},
"local": {
"number": 2,
"address": "00 00 02",
"subtype": "monitor",
"block": 0,
"type": "terminal",
"subblock": 0
}
},
"description": "Auto on is starting",
"directedTo": "MyAppToken"
}
{
"timestamp": "2023-06-11T15:35:40.368+00:00",
"status": 400,
"error": "Bad Request",
"path": "/api/v1/message/ack"
}
Response:
Response:
Response:
Response:
Now video is loaded, then I pressed the green button (call button) but no more HTTP requests where made. Finally, when I ended the call (hang button), /device and /services endpoints are called as before. Hope this is usefull! |
Thanks for all the request/response bodies. It may be helpful in the future. I'm not ready yet to create pull request, but I've pushed everything I've done up to this moment to my fork here: README file definitely needs a rewrite, as whole command line interface has changed. When I'm done and this is merged, it would be great to publish this on pypi. Maybe even integrate github actions for automatic build and publish. |
Hi, would it be possible to add some of the following options?
UPDATE: I made a fork of the project in which it was updated with new functions, I leave the link in case you want to take a look. Link to fork |
Hi, thanks for your work! Any improvements on this? @yawor your work was amazing, didn't you have time for finishing it? |
I found this when looking for fermax on github! Did you abandoned the project @yawor? Any advancements? |
@yawor thanks for your code? Can you confirm if the lates version is on this repository? |
Hi, I'm sorry everyone for the lack of updates. I've had a lot of work recently and I've had not much time for any side projects. Regarding my changes, everything I've done for now is pushed to my repo, but I didn't have time to prepare a proper documentation. That's why I didn't do any pull requests to this original repository. The current status of my rewrite:
|
Hi,
The script works great, but there's a lot of space for making it better.
Right now it can't be used as a library in other software, for example as a library used by HA integration. This is because all code is executed as soon as the file is imported. For this to work as a library, the main logic should also be inside a function and it should be called in a guarding condition like this:
if the main logic is in the
main()
function.For this to work great as a library (especially if used in the HA integration) the
requests
library should be replaced by some async http library likeaiohttp
orhttpx
. HA already uses httpx and has it installed, so I'd opt for using this one also.RIght now the script doesn't use refresh token, which is actually really helpful. I'd change whole authentication part of the script. First of all I'd separate authentication from opening the doors.
The user would first use auth command. Providing username and password in the command line could left as an option, but I'd use prompts if either one or both of them is not provided. So user would just call auth and the script would first as for username and then for password (in safe way, hiding the input). The auth would then save both access token and refresh token, together with max age (expiry timestamp could also be calculated right away ans stored).
The door opening would not accept username and password anymore. Instead it would need to check if the access token is almost expired (for example if it expires in 2 days or less, which is half of the max age for the token) - if yes, then before opening the doors, it would use refresh_token to refresh access token by POSTing
grant_type=refresh_token&refresh_token=<current_refresh_token>
to/oauth/token
. This is a correct way of using OAuth2 and I've tested it using curl and this works correctly on Fermax server.There could also be a command to only check if access token expires shortly and refresh it if it's needed - this could be run from crontab to always keep the access token fresh.
The last thing is to properly package this script as a library. I propose using Poetry as a packaging tool.
The text was updated successfully, but these errors were encountered: