const express = require('express'); const fetch = require('node-fetch'); const path = require('path'); const http = require('http'); const crypto = require('crypto'); const { WebSocketServer, WebSocket } = require('ws'); require('dotenv').config(); const VERSION = '1.4.0'; const app = express(); const server = http.createServer(app); const PORT = process.env.PORT || 3000; const IMMICH_URL = (process.env.IMMICH_URL || 'http://localhost:2283').replace(/\/+$/, ''); const API_KEY = process.env.IMMICH_API_KEY || ''; const SLIDESHOW_INTERVAL = parseInt(process.env.SLIDESHOW_INTERVAL, 10) || 30; const TRANSITION_DURATION = parseInt(process.env.TRANSITION_DURATION, 10) || 2; const SHOW_CLOCK = process.env.SHOW_CLOCK !== 'false'; const SHOW_DATE = process.env.SHOW_DATE !== 'false'; const SHOW_EXIF = process.env.SHOW_EXIF !== 'false'; const SHOW_PROGRESS = process.env.SHOW_PROGRESS !== 'false'; const IMAGE_FIT = process.env.IMAGE_FIT || 'contain'; const BACKGROUND_BLUR = process.env.BACKGROUND_BLUR !== 'false'; const SHUFFLE = process.env.SHUFFLE !== 'false'; const ALBUM_ID = process.env.ALBUM_ID || ''; const SHOW_FAVORITES_ONLY = process.env.SHOW_FAVORITES_ONLY === 'true'; const REFRESH_INTERVAL = parseInt(process.env.REFRESH_INTERVAL, 10) || 300; const INCLUDE_VIDEOS = process.env.INCLUDE_VIDEOS !== 'false'; // --- Auth configuration --- const ADMIN_USERNAME = process.env.ADMIN_USERNAME || 'admin'; const ADMIN_PASSWORD = process.env.ADMIN_PASSWORD || ''; const FRAMBE_API_TOKEN = process.env.FRAMBE_API_TOKEN || ''; const AUTH_ENABLED = !!ADMIN_PASSWORD; const sessions = new Map(); const SESSION_TTL = 24 * 60 * 60 * 1000; function createSession(username) { const token = crypto.randomBytes(32).toString('hex'); const now = Date.now(); sessions.set(token, { username, createdAt: now, expiresAt: now + SESSION_TTL }); return token; } function validateSession(token) { if (!token) return false; const session = sessions.get(token); if (!session) return false; if (Date.now() > session.expiresAt) { sessions.delete(token); return false; } return true; } function cleanupSessions() { const now = Date.now(); sessions.forEach((s, t) => { if (now > s.expiresAt) sessions.delete(t); }); } setInterval(cleanupSessions, 60 * 60 * 1000); function requireAdminAuth(req, res, next) { if (!AUTH_ENABLED) return next(); const cookie = req.headers.cookie || ''; const match = cookie.match(/frambe_session=([a-f0-9]+)/); const token = match ? match[1] : null; if (validateSession(token)) return next(); if (req.accepts('html')) return res.redirect('/admin/login'); return res.status(401).json({ error: 'Unauthorized', message: 'Admin login required' }); } function requireApiToken(req, res, next) { const authHeader = req.headers.authorization || ''; const bearerToken = authHeader.startsWith('Bearer ') ? authHeader.slice(7) : ''; const headerToken = req.headers['x-api-token'] || ''; const queryToken = req.query.token || ''; const provided = bearerToken || headerToken || queryToken; if (FRAMBE_API_TOKEN) { if (provided === FRAMBE_API_TOKEN) return next(); } if (AUTH_ENABLED) { const cookie = req.headers.cookie || ''; const match = cookie.match(/frambe_session=([a-f0-9]+)/); if (match && validateSession(match[1])) return next(); } if (!FRAMBE_API_TOKEN && !AUTH_ENABLED) return next(); return res.status(401).json({ error: 'Unauthorized', message: 'Valid API token or admin session required' }); } function immichHeaders() { return { 'x-api-key': API_KEY, 'Accept': 'application/json', 'Content-Type': 'application/json' }; } function log(msg) { console.log('[Frambe] ' + msg); } function logErr(msg) { console.error('[Frambe] ERROR: ' + msg); } // --- Persistent frame registry (keyed by IP) --- const frameRegistry = new Map(); const adminSockets = new Set(); function getClientIp(req) { return req.headers['x-forwarded-for']?.split(',')[0].trim() || req.socket.remoteAddress || 'unknown'; } function broadcastToAdmins(msg) { const d = JSON.stringify(msg); adminSockets.forEach(ws => { if (ws.readyState === WebSocket.OPEN) ws.send(d); }); } function getClientList() { const list = []; frameRegistry.forEach((f, ip) => { list.push({ id: f.id, ip: ip, name: f.name || '', status: f.status || 'offline', firstSeen: f.firstSeen, lastSeen: f.lastSeen, connectedAt: f.connectedAt, config: f.config || {} }); }); return list; } function findFrameById(id) { let found = null; frameRegistry.forEach(f => { if (f.id === id) found = f; }); return found; } function findFrameIpById(id) { let foundIp = null; frameRegistry.forEach((f, ip) => { if (f.id === id) foundIp = ip; }); return foundIp; } const wss = new WebSocketServer({ server, path: '/ws' }); wss.on('connection', (ws, req) => { const ip = getClientIp(req); const now = new Date().toISOString(); let isAdmin = false; log('WebSocket connected: ' + ip); ws.send(JSON.stringify({ type: 'welcome', ip })); ws.on('message', raw => { try { const msg = JSON.parse(raw); switch (msg.type) { case 'register': if (msg.role === 'admin') { isAdmin = true; adminSockets.add(ws); log('Admin connected from ' + ip); ws.send(JSON.stringify({ type: 'clientList', clients: getClientList() })); } else { let frame = frameRegistry.get(ip); if (frame) { frame.ws = ws; frame.status = msg.status || 'idle'; frame.connectedAt = now; frame.lastSeen = now; if (msg.config) frame.config = msg.config; log('Frame reconnected: ' + ip + ' ("' + frame.name + '")'); } else { frame = { id: ip.replace(/[.:]/g, '_'), ip: ip, name: '', status: msg.status || 'idle', firstSeen: now, connectedAt: now, lastSeen: now, config: msg.config || {}, ws: ws }; frameRegistry.set(ip, frame); log('Frame registered: ' + ip); } broadcastToAdmins({ type: 'clientList', clients: getClientList() }); } break; case 'status': { const frame = frameRegistry.get(ip); if (frame) { frame.status = msg.status || frame.status; frame.lastSeen = new Date().toISOString(); if (msg.config) frame.config = msg.config; broadcastToAdmins({ type: 'clientUpdate', clientId: frame.id, client: { id: frame.id, ip, name: frame.name, status: frame.status, lastSeen: frame.lastSeen, config: frame.config } }); } break; } case 'adminCommand': { const target = findFrameById(msg.targetId); if (target && target.ws && target.ws.readyState === WebSocket.OPEN) { target.ws.send(JSON.stringify({ type: 'command', action: msg.action, payload: msg.payload })); log('Command ' + msg.action + ' -> ' + msg.targetId); } else { ws.send(JSON.stringify({ type: 'error', message: 'Client not found or offline' })); } break; } case 'renameClient': { const target = findFrameById(msg.targetId); if (target) { target.name = msg.name; log('Renamed ' + target.ip + ' -> "' + msg.name + '"'); broadcastToAdmins({ type: 'clientList', clients: getClientList() }); } break; } case 'removeClient': { const targetIp = findFrameIpById(msg.targetId); if (targetIp) { const removed = frameRegistry.get(targetIp); if (removed && removed.ws && removed.ws.readyState === WebSocket.OPEN) removed.ws.close(); frameRegistry.delete(targetIp); log('Removed client: ' + targetIp + ' ("' + (removed ? removed.name : '') + '")'); broadcastToAdmins({ type: 'clientList', clients: getClientList() }); } break; } } } catch (e) { logErr('WS parse error: ' + e.message); } }); ws.on('close', () => { if (isAdmin) { adminSockets.delete(ws); log('Admin disconnected: ' + ip); } else { const frame = frameRegistry.get(ip); if (frame && frame.ws === ws) { frame.status = 'offline'; frame.ws = null; frame.lastSeen = new Date().toISOString(); log('Frame offline: ' + ip + ' ("' + (frame.name || '') + '")'); broadcastToAdmins({ type: 'clientList', clients: getClientList() }); } } }); }); app.use('/api', (req, _res, next) => { log('API ' + req.method + ' ' + req.originalUrl); next(); }); app.use(express.json()); app.get('/api/auth/status', (_req, res) => { res.json({ authEnabled: AUTH_ENABLED, apiTokenEnabled: !!FRAMBE_API_TOKEN }); }); app.post('/api/auth/login', (req, res) => { if (!AUTH_ENABLED) return res.json({ ok: true, message: 'Auth not enabled' }); const { username, password } = req.body || {}; if (username === ADMIN_USERNAME && password === ADMIN_PASSWORD) { const token = createSession(username); res.setHeader('Set-Cookie', 'frambe_session=' + token + '; Path=/; HttpOnly; SameSite=Strict; Max-Age=' + (SESSION_TTL / 1000)); log('Admin login: ' + username); return res.json({ ok: true }); } log('Failed login attempt: ' + (username || '(empty)')); return res.status(401).json({ ok: false, error: 'Invalid credentials' }); }); app.post('/api/auth/logout', (req, res) => { const cookie = req.headers.cookie || ''; const match = cookie.match(/frambe_session=([a-f0-9]+)/); if (match) sessions.delete(match[1]); res.setHeader('Set-Cookie', 'frambe_session=; Path=/; HttpOnly; Max-Age=0'); res.json({ ok: true }); }); app.get('/admin/login', (_req, res) => { if (!AUTH_ENABLED) return res.redirect('/admin'); res.sendFile(path.join(__dirname, 'public', 'admin', 'login.html')); }); app.use(express.static(path.join(__dirname, 'public'), { setHeaders: (res, fp) => { if (fp.endsWith('.html') || fp.endsWith('.js') || fp.endsWith('.css')) { res.setHeader('Cache-Control', 'no-cache, no-store, must-revalidate'); res.setHeader('Pragma', 'no-cache'); res.setHeader('Expires', '0'); } } })); function mapAsset(a) { return { id: a.id, type: a.type, originalFileName: a.originalFileName, fileCreatedAt: a.fileCreatedAt, isFavorite: a.isFavorite, exifInfo: a.exifInfo ? { make: a.exifInfo.make, model: a.exifInfo.model, city: a.exifInfo.city, state: a.exifInfo.state, country: a.exifInfo.country, description: a.exifInfo.description, dateTimeOriginal: a.exifInfo.dateTimeOriginal } : null }; } function filterAssets(assets) { return INCLUDE_VIDEOS ? assets.filter(a => a.type === 'IMAGE' || a.type === 'VIDEO') : assets.filter(a => a.type === 'IMAGE'); } app.get('/api/config', (_req, res) => { res.json({ version: VERSION, slideshowInterval: SLIDESHOW_INTERVAL, transitionDuration: TRANSITION_DURATION, showClock: SHOW_CLOCK, showDate: SHOW_DATE, showExif: SHOW_EXIF, showProgress: SHOW_PROGRESS, imageFit: IMAGE_FIT, backgroundBlur: BACKGROUND_BLUR, shuffle: SHUFFLE, albumId: ALBUM_ID, showFavoritesOnly: SHOW_FAVORITES_ONLY, refreshInterval: REFRESH_INTERVAL, includeVideos: INCLUDE_VIDEOS, connected: !!API_KEY, authEnabled: AUTH_ENABLED }); }); app.get('/api/server-info', async (_req, res) => { try { const r = await fetch(IMMICH_URL + '/api/server/version', { headers: immichHeaders() }); if (!r.ok) throw new Error('Immich returned ' + r.status); const v = await r.json(); log('Immich OK v' + v.major + '.' + v.minor + '.' + v.patch); res.json({ ok: true, version: v }); } catch (e) { logErr('Immich failed: ' + e.message); res.status(502).json({ ok: false, error: e.message }); } }); app.get('/api/albums', async (_req, res) => { try { const r = await fetch(IMMICH_URL + '/api/albums', { headers: immichHeaders() }); if (!r.ok) throw new Error('' + r.status); const a = await r.json(); log('Listed ' + a.length + ' albums'); res.json(a.map(x => ({ id: x.id, albumName: x.albumName, assetCount: x.assetCount, albumThumbnailAssetId: x.albumThumbnailAssetId, updatedAt: x.updatedAt }))); } catch (e) { logErr('Albums: ' + e.message); res.status(502).json({ error: e.message }); } }); app.get('/api/albums/:id', async (req, res) => { try { const r = await fetch(IMMICH_URL + '/api/albums/' + req.params.id, { headers: immichHeaders() }); if (!r.ok) throw new Error('' + r.status); const al = await r.json(); const a = filterAssets(al.assets || []).map(mapAsset); log('Album "' + al.albumName + '": ' + a.length + ' assets'); res.json({ id: al.id, albumName: al.albumName, assetCount: a.length, assets: a }); } catch (e) { logErr('Album: ' + e.message); res.status(502).json({ error: e.message }); } }); app.get('/api/people', async (_req, res) => { try { const r = await fetch(IMMICH_URL + '/api/people', { headers: immichHeaders() }); if (!r.ok) throw new Error('' + r.status); const d = await r.json(); res.json((d.people || d || []).map(p => ({ id: p.id, name: p.name, thumbnailPath: p.thumbnailPath }))); } catch (e) { res.status(502).json({ error: e.message }); } }); app.get('/api/people/:id', async (req, res) => { try { const r = await fetch(IMMICH_URL + '/api/people/' + req.params.id + '/assets', { headers: immichHeaders() }); if (!r.ok) throw new Error('' + r.status); const raw = await r.json(); res.json(filterAssets(Array.isArray(raw) ? raw : []).map(mapAsset)); } catch (e) { res.status(502).json({ error: e.message }); } }); app.get('/api/people/:id/thumbnail', async (req, res) => { try { const r = await fetch(IMMICH_URL + '/api/people/' + req.params.id + '/thumbnail', { headers: { 'x-api-key': API_KEY } }); if (!r.ok) throw new Error('' + r.status); res.set('Content-Type', r.headers.get('content-type') || 'image/jpeg'); res.set('Cache-Control', 'public, max-age=86400'); r.body.pipe(res); } catch (e) { res.status(502).json({ error: e.message }); } }); app.get('/api/assets/random', async (req, res) => { try { const c = Math.min(parseInt(req.query.count, 10) || 50, 250); const r = await fetch(IMMICH_URL + '/api/assets/random?count=' + c, { headers: immichHeaders() }); if (!r.ok) throw new Error('' + r.status); res.json(filterAssets(await r.json()).map(mapAsset)); } catch (e) { res.status(502).json({ error: e.message }); } }); app.get('/api/assets/favorites', async (_req, res) => { try { const r = await fetch(IMMICH_URL + '/api/search/metadata', { method: 'POST', headers: immichHeaders(), body: JSON.stringify({ isFavorite: true, size: 250, page: 1 }) }); if (!r.ok) throw new Error('' + r.status); const d = await r.json(); res.json(filterAssets(d.assets && d.assets.items ? d.assets.items : []).map(a => { var m = mapAsset(a); m.isFavorite = true; return m; })); } catch (e) { res.status(502).json({ error: e.message }); } }); app.get('/api/assets/:id/thumbnail', async (req, res) => { try { const r = await fetch(IMMICH_URL + '/api/assets/' + req.params.id + '/thumbnail?size=' + (req.query.size || 'preview'), { headers: { 'x-api-key': API_KEY } }); if (!r.ok) throw new Error('' + r.status); res.set('Content-Type', r.headers.get('content-type') || 'image/jpeg'); res.set('Cache-Control', 'public, max-age=86400'); r.body.pipe(res); } catch (e) { res.status(502).json({ error: e.message }); } }); app.get('/api/assets/:id/video', async (req, res) => { try { const r = await fetch(IMMICH_URL + '/api/assets/' + req.params.id + '/video/playback', { headers: { 'x-api-key': API_KEY } }); if (!r.ok) throw new Error('' + r.status); res.set('Content-Type', r.headers.get('content-type') || 'video/mp4'); res.set('Cache-Control', 'public, max-age=86400'); const cl = r.headers.get('content-length'); if (cl) res.set('Content-Length', cl); r.body.pipe(res); } catch (e) { res.status(502).json({ error: e.message }); } }); app.get('/api/assets/:id/original', async (req, res) => { try { const r = await fetch(IMMICH_URL + '/api/assets/' + req.params.id + '/original', { headers: { 'x-api-key': API_KEY } }); if (!r.ok) throw new Error('' + r.status); res.set('Content-Type', r.headers.get('content-type') || 'image/jpeg'); res.set('Cache-Control', 'public, max-age=86400'); r.body.pipe(res); } catch (e) { res.status(502).json({ error: e.message }); } }); // --- REST API: Client management --- app.get('/api/clients', requireApiToken, (_req, res) => { res.json({ ok: true, clients: getClientList() }); }); app.post('/api/clients/:id/command', requireApiToken, (req, res) => { const { id } = req.params; const { action, payload } = req.body || {}; if (!action) return res.status(400).json({ ok: false, error: 'Missing action' }); const target = findFrameById(id); if (!target) return res.status(404).json({ ok: false, error: 'Client not found' }); if (target.status === 'offline' || !target.ws) return res.status(410).json({ ok: false, error: 'Client is offline' }); if (target.ws.readyState !== WebSocket.OPEN) return res.status(410).json({ ok: false, error: 'Client WebSocket not connected' }); target.ws.send(JSON.stringify({ type: 'command', action, payload: payload || {} })); log('REST command ' + action + ' -> ' + id); res.json({ ok: true, action, targetId: id }); }); app.delete('/api/clients/:id', requireApiToken, (req, res) => { const { id } = req.params; const targetIp = findFrameIpById(id); if (!targetIp) return res.status(404).json({ ok: false, error: 'Client not found' }); const removed = frameRegistry.get(targetIp); if (removed && removed.ws && removed.ws.readyState === WebSocket.OPEN) removed.ws.close(); frameRegistry.delete(targetIp); log('REST removed client: ' + targetIp); res.json({ ok: true, removedId: id }); }); app.get('/admin', requireAdminAuth, (_req, res) => { res.sendFile(path.join(__dirname, 'public', 'admin', 'index.html')); }); app.get('*', (_req, res) => { res.sendFile(path.join(__dirname, 'public', 'index.html')); }); server.listen(PORT, '0.0.0.0', () => { log('--- Frambe v' + VERSION + ' ---'); log('Server listening on port ' + PORT); log('Admin dashboard: http://0.0.0.0:' + PORT + '/admin'); log('WebSocket: ws://0.0.0.0:' + PORT + '/ws'); log('Immich URL: ' + IMMICH_URL); log('API key: ' + (API_KEY ? 'configured (' + API_KEY.substring(0, 8) + '...)' : 'NOT SET')); log('Admin auth: ' + (AUTH_ENABLED ? 'ENABLED (user: ' + ADMIN_USERNAME + ')' : 'DISABLED (no ADMIN_PASSWORD set)')); log('API token: ' + (FRAMBE_API_TOKEN ? 'configured (' + FRAMBE_API_TOKEN.substring(0, 8) + '...)' : 'NOT SET (REST API open)')); log('Slideshow: ' + SLIDESHOW_INTERVAL + 's interval, refresh every ' + REFRESH_INTERVAL + 's'); log('Videos: ' + (INCLUDE_VIDEOS ? 'enabled' : 'disabled')); log('Waiting for connections...'); });