Merge remote-tracking branch 'origin/main'

* origin/main:
  Changelog
  ts no semantic versioning and build
  Re-indent files
  Switches to Daikin's Onecta API, ports to Typescript (Apollon77#139)

.github/workflows/test-and-release.yml

@@ -47,7 +47,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        node-version: [14.x, 16.x, 18.x, 20.x]
+        node-version: [16.x, 18.x, 20.x]
         os: [ubuntu-latest, windows-latest, macos-latest]
 
     steps:

.npmignore

@@ -1,16 +1,11 @@
-/example/.http-mitm-proxy
-/example/certs
-/example/keys
-/example/tokenset.json
-
-Gruntfile.js
-tasks
 node_modules
 .git
 .idea
-package-lock.json
 .github
 .eslintrc.json
-tokensaver-linux
-tokensaver-macos
-tokensaver-win.exe
+img
+src
+tsconfig.json
+cert/generate.sh
+cert/req.cnf
+dist/example*

README.md

@@ -11,74 +11,75 @@ Library to generate/retrieve tokens to communicate with the Daikin cloud and to
 **Daikin is a trademark of DAIKIN INDUSTRIES, LTD.**
 
 ## Description
-The newer Daikin devices sold since 2020 contain a newer Wifi Adapter (e.g. BRP069C4x) which only connects to the Daikin Cloud and is no longer reachable locally. These devices are only controllable with the Daikin Onecta App.
+The newer Daikin devices sold since 2020 contain a newer Wifi Adapter
+(e.g. BRP069C4x) which only connects to the Daikin Cloud and is no longer
+reachable locally. These devices are only controllable through the Daikin
+Onecta API, which uses the OpenID Connect (OIDC) protocol for client
+authentication and authorization purposes.
 
-This library allows to initially (hopefully once) retrieve tokens by using a proxy to login to the Daikin Cloud. After that these tokens can be used and refreshed to interact with the devices.
+This library facilitates interacting with the Onecta API by providing an
+abstraction over OIDC flows and token management.
 
-Note: For devices with older WLAN-Adapters like **BRP069A4x** which can only be used by the Daikin Controller App please use the [Daikin-Controller](https://github.com/Apollon77/daikin-controller) lib instead.
-
-### Login with E-Mail/Password
-The easy mode is to use the `login`method of the `DaikinControllerCloud` class and provide the E-Mail and the Password.
-
-An automatic login is tried in this case and the tokens are retrieved.
-
-It can happen that this process do not work because the Daikin Website requires you to solve a captcha. In this can you can use the following trick:
-* Start the proxy
-* Call the proxy URL on port 8889
-* You **do not** need to import the certificate!
-* Just click on the `Login into the Daikin Cloud to retrieve the tokens` link at the end of the instructions page and login there once and solve the captcha.
-* Close the browser window and try the automatic login again
-
-### Login with Proxy
-**For more information on the Proxy progress for end users - because you need to trust and whitelist them and such - can be found in [PROXY.md](PROXY.md)!**
-Info: This project is not grabbing any username or password, just the created tokens after you logged in.
+Note: For devices with older WLAN-Adapters like **BRP069A4x** which can only be
+used by the Daikin Controller App please use the
+[Daikin-Controller](https://github.com/Apollon77/daikin-controller) lib instead.
 
 ## IMPORTANT
-When you integrate this library please make sure users do not refresh data out of the cloud too fast. Please still think about the needed resources and costs on Daikin side to operate the cloud services and only allow meaningful poll intervals!
-
-## Install
-For now while being in basic development install from Github:
-
-`npm i Apollon77/daikin-controller-cloud`
 
-## Using tokensaver.js
+The Onecta API limits each client application to 200 requests per day.
 
-If your only interest is to save the tokens exchanged by Daikin Cloud and yourself (for instance, when you want to use them with your own code or home automation), use the tokensaver.js in the `example` folder
+## Pre-requisites
 
-From within the main directory, run:
+This library acts as an OIDC client towards the Onecta API and uses OIDC's
+`Authorization` grant to obtain the initial pair of OIDC tokens.  As such, 
+you'll have to provide the following:
 
-`node example/tokensaver.js`
+1. The `Client ID` and `Client Secret` of a registered application tied to your
+   Daiking Developer account. If you do not have such an account, yet, you can
+   create one in the [Daikin Developer Portal][p1]
+2. The ability for the process that uses this library to listen on a local TCP
+   port (configurable) in order to start an HTTP server that your browser will
+   be redirected to at the end of the `Authorization` grant flow
+3. A domain name that resolves to the machine that hosts the process using this
+   library (if running locally you will not be able to use `localhost` as it is 
+   rejected by the Onecta API)
 
-Or, more conveniently, use one of the binaries (Linux, macOS and Windows) supplied with the [Releases](https://github.com/Apollon77/daikin-controller-cloud/releases).
-Alternatively you can execute `npx daikin-controller-cloud` which will also execute the tokensaver.js without the need to install the library (Node.js is required to be installed).
+You will have to combine the port (point 2.) and domain name (point 3.) to
+create the URL to be set as the application's `Redirect URI` in the
+[Daikin Developer portal][p1]. Note that the same URL **must** also be passed
+as a configuration parameter of the `DaikinCloudController` class. Also note
+that the `Redirect URI` must use the secure `https:` protocol and that this
+library ships with its own self-signed SSL/TLS certificate, which will cause
+your browser to present you with a security warning.
 
-Calling tokensaver.js without any parameters will open a proxy where you can login to the Daikin Cloud and the tokens will be fetched.
+[p1]: https://developer.cloud.daikineurope.com
 
-Alternatively execute
-
-`node tokensaver.js "mydaikin@email.com" "my-daikin-password"`
-
-(replace data with your daikin cloud login credentials) and we try to fetch the tokens without the proxy.
+## Install
+For now while being in basic development install from Github:
 
+`npm i Apollon77/daikin-controller-cloud`
 
 ## Code-Usage example
-See example folder, check the settings (add your own IP at minimum!) and start it with `node example.js`.
-
-When getting or setting data you need to look at the complete data structure returned by the device. SO best go a "getData()" and check the structure. The getData/setData parameters mirror the structure. In fact you awlways eed to provide the first two levels, maybe a "path style third level".
+See [`src/example.ts`](./src/example.ts).
 
 ## Issue reporting and enhancements
 * Create Issues here in Github
 * Provide PRs for actual changes and enhancements to code or documentation!
 
 ## Todos
-* Mooooaaar documentation, especially for proxy use for endusers and development
+* Mooooaaar documentation
 * Add Tests
-* Implement internal update of values when a new value is set? Or reload data after a set action automatically?
+* Implement internal update of values when a new value is set? Or reload data
+  after a set action automatically?
 * Implement interval data update in library or only from outside?
-* The mitm proxy library is not closing the proxy correct, so the promise never gets resolved ... need to check on that.
-
 
 ## Changelog:
+
+### __WORK IN PROGRESS__
+* BREAKING: Username/Passwort and Proxy Authentications are removed and replaced by the new Daikin Portal Authentication! You need to re-authenticate!
+* (jacoscaz) Port to Typescript
+* (jacoscaz) Switch to Daikin's OIDC-based Onecta API
+
 ### 1.2.4 (2023-09-09)
 * (Apollon77) Make sure to store only existing refresh tokens
 

cert/cert.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCl2ofZKAqpOUtE
+HOaedkYs3pv86P6CV3tRKXCV6BMoF0oj2HhYD6jxL92L0YyMjVi+Ysv4sWGjFB3L
+UburXuDxKsU8EoksRFVFxRKRQFjtIO2tfnnkVWkdcyXUcnSgEBWfj8Gwt0Ouunxl
+lS9OLUp/1zKaAk+mTU22nNkc/dy6D8REDj28UsAae4iuw5No4RYVNY28lvUbMLrP
+fPVOhOMUU8cUvvrnpf7/9FkP8Sm2nG4vVpO6efYJ0wz7UiGmJUQQYRQEE/AZZSC0
+O7wwNBtkxY5JO6nnLZ3MoOPHXJkF1ptUikOBNh9Db46/DHIr0JJZSaACkLsKta8C
+4MM74bTZAgMBAAECggEAJDAD3x5tARJmuURjD2U4F5c0yuCdk5v55LIZhiPeditq
+ulqDm5dDIejzOows0ggPOm89GRS+/IGppJC/VXt8sjJGWb6jnnyEbJY84GN9Y7QB
+GA9WEjuOlWXn9axJhRktVqTbuq6p/mhjNxjveuvH6w/t0wu5DEymrbcYakp7zD7F
+c9Q6iLd7MNt+EGFJQ9HXIFfvd8aGC3lUWTfVIqhQ1YjBeQXHWuK8Z6FKj/ecJ6kV
+VBD2pmTPvCS2oc5/TuEstfWkhUXbJkDJUx37SqOtp5F/N/IGUndOYZGcQM5QZ0dk
+eQUzslFqxmiOur6ncYO0c9DdMS/iHbF7BOLJrLVG/wKBgQDWO4vdR5BGDyRADxm4
+avfdCi05lc7mAjD1ZKSzCZONOWXdKXtAk8W7UPDbTZtJ/nHXVui+gSMVSzpkqEvQ
+gRs1E5m6lsp5NHwq6Q6/nrpn7aAlo9q2hBKXT6VZFkpqKQQQZfa/4Gb9KSCmNvoI
+Dm62K+vx8BtWFUiXZMYIJca1MwKBgQDGMF3QG38VZehVPQpCTnr4SSCEx8x5p5sC
+RJMO+mogDR43FW4Pn0olFNKqxVlV/SjBIQT0cupLq1oQjbmzQPoPk2fpBrKXMpvl
+frUsm6mfEd4iBVLyLcn5NzBgOlkQrUtaz5w/L4lbDfDBZAksX8x4rGp4qI28lQuL
+o3qLi7WVwwKBgD1Qe55Qbh1vFfvzlnPuwZQU5o61rqqr8+E39d98HSvtQpdC2RDJ
+em07JERP+OL7nQ95w1FK2oSsrEDE3jYFzYiqXHRH1hlMiUEqxNrZDhbSruQ2+lEE
+ieGenP9bXt71cEFVPYL7Md7BF6Qa1gLaRpuDBJuREfHYU5do8zi/vxh7AoGAD9S/
+OadooFnylBR7JE7Gjdyxh0m6cKFNxYGayaCBJ6xElJvWndLYhlvCdDetaiv9vGeZ
+0Lj5NDAs0pOvmL0A/IuGyltpmqBFSbC0YirRAs7XkpogRQ4ZSxn4eEdQ4/8jvM5G
+qdlvPGHBsIEAJpZEbANBwf+cysqREIdve4QebicCgYBSTgudClfJIObL/KhR9ET5
+yiJuye80x6cvGOFrkmI1XVRIykpIqtbvM32kBBN/2EmPVkOf9O79ohJnET4B6tTG
+d2SMBjm/tBW6KhP0wQ8t69RWPMp3i/2HKGNqZvHQOKLbLTzEehNqnc616yx3d+UX
+JM3DmzgTfECrhsicFzzoYA==
+-----END PRIVATE KEY-----

cert/cert.pem

@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEFTCCAv2gAwIBAgIUcjAWwfDOv7FkmvXGaNs3oxLmsyIwDQYJKoZIhvcNAQEL
+BQAwgY0xCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVTdGF0ZTERMA8GA1UEBwwITG9j
+YXRpb24xGjAYBgNVBAoMEU9yZ2FuaXphdGlvbiBOYW1lMRwwGgYDVQQLDBNPcmdh
+bml6YXRpb25hbCBVbml0MSEwHwYDVQQDDBhkYWlraW4tb25lY3RhMm1xdHQubG9j
+YWwwHhcNMjQwNjI4MDc1MjEwWhcNMzQwNjI2MDc1MjEwWjCBjTELMAkGA1UEBhMC
+VVMxDjAMBgNVBAgMBVN0YXRlMREwDwYDVQQHDAhMb2NhdGlvbjEaMBgGA1UECgwR
+T3JnYW5pemF0aW9uIE5hbWUxHDAaBgNVBAsME09yZ2FuaXphdGlvbmFsIFVuaXQx
+ITAfBgNVBAMMGGRhaWtpbi1vbmVjdGEybXF0dC5sb2NhbDCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAKXah9koCqk5S0Qc5p52Rizem/zo/oJXe1EpcJXo
+EygXSiPYeFgPqPEv3YvRjIyNWL5iy/ixYaMUHctRu6te4PEqxTwSiSxEVUXFEpFA
+WO0g7a1+eeRVaR1zJdRydKAQFZ+PwbC3Q666fGWVL04tSn/XMpoCT6ZNTbac2Rz9
+3LoPxEQOPbxSwBp7iK7Dk2jhFhU1jbyW9Rswus989U6E4xRTxxS++uel/v/0WQ/x
+Kbacbi9Wk7p59gnTDPtSIaYlRBBhFAQT8BllILQ7vDA0G2TFjkk7qectncyg48dc
+mQXWm1SKQ4E2H0Nvjr8McivQkllJoAKQuwq1rwLgwzvhtNkCAwEAAaNrMGkwDgYD
+VR0PAQH/BAQDAgOIMBMGA1UdJQQMMAoGCCsGAQUFBwMBMCMGA1UdEQQcMBqCGGRh
+aWtpbi1vbmVjdGEybXF0dC5sb2NhbDAdBgNVHQ4EFgQUPxzrRNuFqDHzBmOnSv/t
+IuL36mswDQYJKoZIhvcNAQELBQADggEBAClB4bQdPo50TlRODy/5WAWqq6i5HSqO
+sylSvRJN6Qzcy4oiKTaUuUHR5yBL3mXzfiZc9LiSRDB3kTOzJv50Bm8S8dct3vFP
+2WjMQm7bwk6yxYKZdVPqBXuAxzzW+4t5NkuepZp3lfbYS6tNNrnDnzdZBDKXWrB1
+1YUEi2mtTp0cFE3klMYfcJtUV+EgyjKMjbYcp2HFHYN2l2yV5jkH+Uik7pdzEfS+
+xWQ+v5TkVKcXCS+scDocAFz1r+mHJArycXfTv2BLpdmAWSFBrsEFl72BiIW4XZ+f
+avgUUJSZcEW1yxpS3YXzq44MFmUJe6Xqpu8788Wl0xCJ3dLNRUHiL1w=
+-----END CERTIFICATE-----

cert/generate.sh

@@ -0,0 +1 @@
+openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout cert.key -out cert.pem -config req.cnf -sha256

cert/req.cnf

@@ -0,0 +1,17 @@
+[req]
+distinguished_name = req_distinguished_name
+x509_extensions = v3_req
+prompt = no
+[req_distinguished_name]
+C = US
+ST = State
+L = Location
+O = Organization Name
+OU = Organizational Unit 
+CN = daikin-onecta2mqtt.local
+[v3_req]
+keyUsage = critical, digitalSignature, keyAgreement
+extendedKeyUsage = serverAuth
+subjectAltName = @alt_names
+[alt_names]
+DNS.1 = daikin-onecta2mqtt.local