Replace call to album's HTML page with SYNO.Core.Sharing.Login API call

[Caleb9]

Hi @zeichensatz.

First of all thanks for sharing your work on this undocumented API. It got me started with my own two projects using Synology Photos (shameless self-advertising: synology-photos-slideshow for a digital-photo-frame project, and SynologyPhotosUtil for managing some tasks in Synology Photos).

Anyway I went through the same hurdle as you did to obtain the Shared Album cookie by just calling the HTML link which downloads entire JS client which is unnecessary e.g. when the app is not running in a browser. Somehow I managed to figure out that there actually is an API which returns both the sharing_sid cookie and JSON content containing the value as well - the SYNO.Core.Sharing.Login API. What led me to this discovery was trying to load a password protected public album in a signed-out browser using the sharing link.

This PR contains an update to your guide in README replacing the call to HTML page with API call.

It would still be useful to find out how to obtain sharing_sid when the share link is password protected, but so far I failed to figure it out. Inspecting the browser traffic, the official client first obtains a public key from the API, and then uses it to encrypt the password using RSA and/or AES - but that's a riddle for another time.

Hope you'll find this stuff useful, and also that Synology will one day finally give us official documentation for Photos API :).

Cheers!

[zeichensatz]

Hi Piotr, thanks for this interesting note too! I'm a bit short of time at the moment. Will check this issue again soon.