Quick Start

Last Updated on : 2023-11-02 09:20:25download

This topic describes how to enable LAN control on a gateway and authorize a third-party application to access it.

Step 1: Enable LAN control

LAN control is disabled by default. To enable it, go to Advanced Feature > LAN Control in the gateway panel on the mobile app.

After this feature is enabled, the mobile app will generate a token to authorize the third-party application.

Step 2: Implement authentication

The gateway communicates with third-party applications over a LAN using WebSocket over TLS. Here is how it works:

ApplicationGatewayImport server certificate and tokenClient helloServer helloCertificates/server key exchange/server hello doneClient key exchange/change cipher spec/encrypted handshake messageChange cipher spec/encrypted handshake messagesInitiate an HTTP Upgrade request with bearer tokenRespond to HTTP Upgrade requestApplicationGateway

The TLS certificate is a self-signed certificate used by the gateway. The third-party application uses the following certificate to verify the identity of the gateway, without validating the domain name.

-----BEGIN CERTIFICATE-----
MIIDRzCCAi8CFBvQZMyRtmw6tF6SvHdUtwbc21l8MA0GCSqGSIb3DQEBCwUAMF8x
CzAJBgNVBAYTAkNOMREwDwYDVQQIDAhTaGVuWmhlbjEZMBcGA1UECgwQVHV5YSBH
bG9iYWwgSW5jLjEMMAoGA1UECwwDSEREMRQwEgYDVQQDDAtUSFAxMi1aLUxBTjAg
Fw0yMzA3MTExMDM4NDJaGA8yMTIzMDYxNzEwMzg0MlowXzELMAkGA1UEBhMCQ04x
ETAPBgNVBAgMCFNoZW5aaGVuMRkwFwYDVQQKDBBUdXlhIEdsb2JhbCBJbmMuMQww
CgYDVQQLDANIREQxFDASBgNVBAMMC1RIUDEyLVotTEFOMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEA0XfIW8HGS2/P+5a2cyIvRDMWE+a84iCu0i3XImha
PuNDtH+i+MmSym0kzJ68no/2lQWDgb2NwCjwr+kbbhDXY5q0JnA9Yru+UUixFTnp
sxLS16aT4E76Yyt59X03Bh8XK/Cox/sxIfSlFgbieT5KleNbt3SDqns5ZMWdq7FF
9UvFatc0lS8GPAVBnK8ayv875+ClOUDAp/pS/086VDJMSwAOCIl5xja+eFWScfUW
iYfHs83jfi9miG5WUFVCqd1XwmuKRxLgkaFVO1r1YBtv/sJHPMZruSqcr9/RsSnh
Ml+0BSzkpXzHTtSBqydZ1GwwWYZkIwkxw66gfZ/v/RHU8QIDAQABMA0GCSqGSIb3
DQEBCwUAA4IBAQBGWcQnzjL5EOodiCuDk2wJdpWfYwYUEJN5cnfWVoCDH63RPQV6
nWPhQx1q+kSxBZyrH2w8zObU2b6SnXQuvKzm+2+gbpH5j211ZHbBNJLT84q/TSJn
s6jm8mQDPnMeAPyPgTDxGNbXH6ZX9yjgAFLPvmvVXYNUczQCuw1aRRj3pek0oijP
lBGbXnK275Ik/02OixSlaOgxSDsqoLy+hbQ5KoSi11YqwZ6xPwdCcpOYfC59luKx
TNXaf/JMIQVGeKP7K96FF5ROtBoVIk8+hs++r1IjRSJo6zh4lA39Vd6lzfaRAcjV
ci9fK4nmgdzAjP7FMbIQ60kbW8cM0JI54L2h
-----END CERTIFICATE-----

Example code in Python:

import ssl
import websocket

ssl_context = ssl.create_default_context()
ssl_context.check_hostname = False
ssl_context.load_verify_locations(cafile='./server.crt')

token = "35839781-ac48-45c8-9e4f-31d5ea7f59b2"
websocket_url = "wss://localhost:433"

ws = websocket.WebSocket()
ws.connect(websocket_url, header={"Authorization": f"Bearer {token}"})

Step 3: Get the device list

Once the WebSocket connection is established, the gateway and the third-party application can talk to each other. You can try requesting the device list from the gateway to verify the functionality.

Request from the third-party application:

import json

message = json.dumps({
    "method": "getDeviceList",
    "action": "request",
    "ver": 0,
    "seq": 1
})

ws.send(message)
print("Recv: ", ws.recv())

Response from the gateway:

{
    "method": "getDeviceList",
    "action": "response",
    "ver": 0,
    "seq": 1,
    "code": 0,
    "payload": [
        "a4c1380bb1d2f0d5",
        "a4c1385acafc01b5",
        "a4c138e72a0fb5a9",
        "a4c138807e3b1182"
    ]
}