HTTPS + Basic Auth Request

[swamplynx]

This is probably more of a pebkac issue, but I've modified sonos-http-api to support ssl and basic auth for security reasons. Call me paranoid, but I don't want some script kiddie interrupting my sweet jams... I'm having a hell of a time editing the options and index Lambda json though to get it to make an https request and pass basic auth creds. Any ideas? The AWS error "logs" are next to useless.

Disregard. Some lame syntax issue on my end. Thanks for the amazing tool!

[tcprescott]

Could you share your modifications? I'm wanting to do something similar.

[swamplynx]

Sure. No problem. Do you have Sonos-HTTP-API running in SSL yet? That is step one. I just merged the code from here:

https://github.com/jishi/node-sonos-http-api/pull/87

For echo-sonos in Lambda, you just need it to do an SSL request with Basic auth.

In index.js add: var https = require('https');

and change the httpreq function to use https (change http.request to https.request):

function httpreq(options, responseCallback) {
  console.log("Sending HTTP request to: " + options.path);

  https.request(options, function(httpResponse) {
      var body = '';

Finally in options.js you need to encode your username+pass into the request header:

var auth = new Buffer('your-username' + ':' + 'your-password').toString('base64');
var options = {
  appid: "amzn1.echo-sdk-ams.app.your-app-id",
  host: "your-hostname.your-domain.com",
  port: "5005",
  headers: {
                    Authorization: 'Basic ' + auth,
                    'Content-Type': 'application/json'
                }
};

module.exports = options;

[tcprescott]

Thanks!

I actually just put apache in front of it for the SSL and auth, but the code for lambda was helpful.

[rgraciano]

Once https://github.com/jishi/node-sonos-http-api/pull/87 is integrated, I'll add some code to echo-sonos to work with it

[2MuchTech]

I'm trying to implement the SSL and Basic Auth and I'm running into some problems with the Lambda side. I've successfully run Doug Hall's latest HTTPS and port 5006 changes that jishi integrated into Node Sonos HTTP API, and I am able to use my local browser (i.e. running on the same system as Node Sonos) to control my Sonos system via HTTPS and port 5006. It asks for the user name and password as expected, and everything works fine (although the browser complains about the HTTPS connection because I'm using a self signed cert, of course). I'm also able to use a browser routing through the cellular network to log in via HTTPS and port 5006, so I know all of the port forwarding is working correctly.

My problem arises when I try to get AWS Lambda to connect to my system. I'm currently port forwarding both 5005 and 5006 while I'm debugging, and everything works fine from Lambda if I use HTTP and port 5005, but when I switch to using HTTPS and 5006, the Lambda "Test" function returns DEPTH_ZERO_SELF_SIGNED_CERT. I tried setting Agent:False (based on something I found online about this error) in the Options object in the Lambda JS code, but that didn't solve the problem.

I modified the console.log line in the httpreq function so I could verify the complete URL Lambda is trying to access, and it appears to be correct. My modified line of code is:

console.log("Sending HTTP request to: " + options.host + ":" + options.port + options.path);

Any ideas of what I need to do to get Lambda to work with a self signed cert in Node Sonos?

[swamplynx]

My guess would be at a service layer, Amazon's request.https requires a legit cert, though you might be able to find someone using a self-signed cert in another project that could provide a clue. If they do allow a self signed cert, you will probably have to upload the public key... I would just get a free SSL cert from StartSSL. You would also have to have your own domain, but plenty of low cost options there and plenty of uses aside from this one project.

[rgraciano]

@swamplynx - thanks, I added the options.js change for basic auth. Seems to work both when auth is setup on node-sonos-http-api, and when it isn't (server just ignores the extra headers). Still need to take a look at HTTPS.

[rgraciano]

echo-sonos now supports HTTPS (with either CA-signed or self-signed certs) and basic auth.