search

ekutner / home-connect-hass

Alternative (and improved) Home Connect integration for Home Assistant
MIT License
627 stars 59 forks source link

Add http (socks) proxy support #360

Open zzz676 opened 8 months ago

zzz676 commented 8 months ago

Bosch servers have recently been unavailable from some countries for connection from this integration. For this reason, there is a request to add the ability to use a proxy server to connect to Bosch servers.

ekutner commented 8 months ago

I don't remember that the appliances themselves have an option to configure a proxy, how do they connect to the HC servers in this case? How does the mobile app connect to the appliances when not connected to wifi?

zzz676 commented 8 months ago

I don't remember that the appliances themselves have an option to configure a proxy, how do they connect to the HC servers in this case? How does the mobile app connect to the appliances when not connected to wifi?

The devices themselves connect without problems, as does the proprietary Home Connect application. The problem, as I understand it, is precisely the connection through their API, through which the integration works.

moskovskiy82 commented 7 months ago

I don't remember that the appliances themselves have an option to configure a proxy, how do they connect to the HC servers in this case? How does the mobile app connect to the appliances when not connected to wifi?

The devices themselves connect without problems, as does the proprietary Home Connect application. The problem, as I understand it, is precisely the connection through their API, through which the integration works.

Exactly. Furthermore a local only mode is supported by the HomeConenct. You can enable it in the app settings. See #353

ekutner commented 7 months ago

@zzz676 How do you know the appliances connect to the HC cloud? The mobile app can connect to them directly, without connecting to the HC cloud server, when they are on the same wifi network. The whole scenario doesn't make sense to me, if HC are blocking some countries then the appliances should be blocked too, why would they only block API access but still allow the appliances to connect from the same countries? Have you reached out to HC about this? What error is generated when the integration is connecting to the API?

As already discussed in #353 I have no plan to reverse engineer the local protocol, so unless HC officially support local API access it's not going to happen.

alexbilevskiy commented 7 months ago

TL;DR Set up VPN on your home router and redirect traffic for api-rna.home-connect.com, singlekey-id.com (both needed for auth flow) and api.home-connect.com (used by integration, ip address is the same as api-rna...) via vpn.

How do you know the appliances connect to the HC cloud?

From official home connect app (with wifi disabled) image

The whole scenario doesn't make sense to me, if HC are blocking some countries then the appliances should be blocked too, why would they only block API access but still allow the appliances to connect from the same countries?

Actually it's been like this for a while now. The funny thing is that even mobile app works fine (except authorization part), but not api.

What error is generated when the integration is connecting to the API?

With vpn disabled, this error is shown

2024-04-08 19:09:53.884 ERROR (MainThread) [aiohttp_sse_client.client] fetch https://api.home-connect.com/api/homeappliances/events failed: 403

When requested with curl, there is 403 in plain html:

[alex@home ~]> curl https://api.home-connect.com/api/homeappliances/events
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
</body>
</html>

and this is with vpn 

[alex@home ~]> curl https://api.home-connect.com/api/homeappliances/events
{
  "error": {
    "key": "401",
    "description": "Authentication is possible but has failed or not yet been provided."
  }
}
ekutner commented 7 months ago

That's really strange. To be honest I would accept a PR that add this but doubt it will be something I get to do myself in the foreseeable future. You may want to consider a workaround by adding a routing rule on your Home Assistant server that would direct traffic for api.home-connect.com (IP addresses 18.193.228.33, .124.235.66, 18.196.116.41) to the VPN. That's all you really need because the authentication is done from your browser which already support proxy definitions.

zzz676 commented 7 months ago

TL;DR Set up VPN on your home router and redirect traffic for api-rna.home-connect.com, singlekey-id.com (both needed for auth flow) and api.home-connect.com (used by integration, ip address is the same as api-rna...) via vpn.

How do you know the appliances connect to the HC cloud?

From official home connect app (with wifi disabled) image

The whole scenario doesn't make sense to me, if HC are blocking some countries then the appliances should be blocked too, why would they only block API access but still allow the appliances to connect from the same countries?

Actually it's been like this for a while now. The funny thing is that even mobile app works fine (except authorization part), but not api.

What error is generated when the integration is connecting to the API?

With vpn disabled, this error is shown

2024-04-08 19:09:53.884 ERROR (MainThread) [aiohttp_sse_client.client] fetch https://api.home-connect.com/api/homeappliances/events failed: 403

When requested with curl, there is 403 in plain html:

[alex@home ~]> curl https://api.home-connect.com/api/homeappliances/events
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
</body>
</html>

and this is with vpn

[alex@home ~]> curl https://api.home-connect.com/api/homeappliances/events
{
  "error": {
    "key": "401",
    "description": "Authentication is possible but has failed or not yet been provided."
  }
}

Thank you for your reply. Couldn't answer, was unavailable. I confirm, everything is the same for me.