More formatting

.github/workflows/ci.yml

@@ -47,21 +47,19 @@ jobs:
       -
         name: Docker meta
         id: meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
           images: |
             simojenki/bonob
             ghcr.io/simojenki/bonob
       -
         name: Login to DockerHub
-        if: github.event_name != 'pull_request'
         uses: docker/login-action@v2
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
       -
         name: Log in to GitHub Container registry
-        if: github.event_name != 'pull_request'
         uses: docker/login-action@v2
         with:
           registry: ghcr.io
@@ -69,10 +67,10 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
       -
         name: Push image
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v6
         with:
           context: .
           platforms: linux/amd64,linux/arm/v7,linux/arm64
-          push: ${{ github.event_name != 'pull_request' }}
+          push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}

.gitignore

@@ -11,3 +11,6 @@ node_modules
 !.yarn/sdks
 !.yarn/versions
 .pnp.*
+log.txt
+navidrome.txt
+bonob.txt

CLAUDE.md

@@ -0,0 +1,187 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## Project Overview
+
+bonob is a Sonos SMAPI (Sonos Music API) implementation that bridges Subsonic API clones (like Navidrome and Gonic) with Sonos devices. It acts as a middleware service that translates between the Subsonic API and Sonos's proprietary music service protocol, allowing users to stream their personal music libraries to Sonos speakers.
+
+## Development Commands
+
+### Building and Running
+```bash
+# Build TypeScript to JavaScript
+npm run build
+
+# Development mode with auto-reload (requires environment variables)
+npm run dev
+# OR with auto-registration
+npm run devr
+
+# Register bonob service with Sonos devices
+npm run register-dev
+```
+
+### Testing
+```bash
+# Run all tests
+npm test
+
+# Run tests in watch mode
+npm run testw
+
+# Set custom test timeout (default: 5000ms)
+JEST_TIMEOUT=10000 npm test
+```
+
+### Environment Variables for Development
+When running locally, you need to set several environment variables:
+- `BNB_DEV_HOST_IP`: Your machine's IP address (so Sonos can reach bonob)
+- `BNB_DEV_SONOS_DEVICE_IP`: IP address of a Sonos device for discovery
+- `BNB_DEV_SUBSONIC_URL`: URL of your Subsonic API server (e.g., Navidrome)
+
+## Architecture
+
+### Core Components
+
+**`src/app.ts`** - Application entry point
+- Reads configuration from environment variables
+- Initializes all services (Subsonic, Sonos, authentication)
+- Wires together the Express server with appropriate dependencies
+- Handles SIGTERM for graceful shutdown
+
+**`src/server.ts`** - Express HTTP server
+- Serves web UI for service registration and login
+- Handles music streaming (`/stream/track/:id`)
+- Generates icons and cover art (`/icon/...`, `/art/...`)
+- Serves Sonos-specific XML files (strings, presentation map)
+- Binds SOAP service for Sonos SMAPI communication
+
+**`src/smapi.ts`** - Sonos SMAPI SOAP implementation (1200+ lines)
+- Implements the Sonos Music API Protocol via SOAP/XML
+- Core operations: `getMetadata`, `getMediaURI`, `search`, `getExtendedMetadata`
+- Handles authentication flow with link codes and device auth tokens
+- Manages token refresh and session management
+- Maps music library concepts to Sonos browse hierarchy
+
+**`src/subsonic.ts`** - Subsonic API client
+- Implements `MusicService` and `MusicLibrary` interfaces
+- Handles authentication with Subsonic servers using token-based auth
+- Translates between Subsonic data models and bonob's domain types
+- Supports custom player configurations for transcoding
+- Special handling for Navidrome (bearer token authentication)
+- Implements artist image fetching with optional caching
+
+**`src/music_service.ts`** - Core domain types and interfaces
+- Defines `MusicService` interface (auth and login)
+- Defines `MusicLibrary` interface (browsing, search, streaming, rating, scrobbling)
+- Domain types: `Artist`, `Album`, `Track`, `Playlist`, `Genre`, `Rating`, etc.
+- Uses `fp-ts` for functional programming patterns (`TaskEither`, `Option`, `Either`)
+
+**`src/sonos.ts`** - Sonos device discovery and registration
+- Discovers Sonos devices on the network using SSDP/UPnP
+- Registers/unregisters bonob as a music service with Sonos systems
+- Supports both auto-discovery and seed-host based discovery
+- Uses `@svrooij/sonos` library for device communication
+
+**`src/smapi_auth.ts`** - Authentication token management
+- Implements JWT-based SMAPI tokens (token + key pairs)
+- Handles token verification and expiry
+- Token refresh flow using `fp-ts` `TaskEither`
+
+**`src/config.ts`** - Configuration management
+- Reads and validates environment variables (all prefixed with `BNB_`)
+- Legacy environment variable support (BONOB_ prefix)
+- Type-safe configuration with defaults
+
+### Key Abstractions
+
+**BUrn (Bonob URN)** - Resource identifier system (`src/burn.ts`)
+- Format: `{ system: string, resource: string }`
+- Systems: `subsonic` (for cover art), `external` (for URLs like Spotify images)
+- Used for abstracting art/image sources across different backends
+
+**URL Builder** (`src/url_builder.ts`)
+- Wraps URL manipulation with a builder pattern
+- Handles context path for reverse proxy deployments
+- Used throughout for generating URLs that Sonos devices can access
+
+**Custom Players** (`src/subsonic.ts`)
+- Allows mime-type specific transcoding configurations
+- Maps source mime types to transcoded types
+- Creates custom "client" names in Subsonic (e.g., "bonob+audio/flac")
+- Example: `BNB_SUBSONIC_CUSTOM_CLIENTS="audio/flac>audio/mp3"`
+
+### Data Flow
+
+1. **Sonos App Request** → SOAP endpoint (`/ws/sonos`)
+2. **SOAP Service** → Verifies auth token, calls `MusicLibrary` methods
+3. **MusicLibrary** → Makes Subsonic API calls, transforms data
+4. **SOAP Response** → Returns XML formatted for Sonos
+
+For streaming:
+1. **Sonos Device** → `GET /stream/track/:id` with custom headers (bnbt, bnbk)
+2. **Stream Handler** → Verifies token, calls `MusicLibrary.stream()`
+3. **Subsonic Stream** → Proxies audio with proper mime-type handling
+4. **Response** → Streams audio to Sonos, reports "now playing"
+
+### Icon System (`src/icon.ts`)
+- SVG-based icon generation with dynamic colors
+- Supports foreground/background color customization via `BNB_ICON_FOREGROUND_COLOR` and `BNB_ICON_BACKGROUND_COLOR`
+- Genre-specific icons
+- Text overlay support (e.g., year icons like "1984")
+- Holiday/festival decorations (auto-applied based on date)
+- Legacy mode: renders to 80x80 PNG for older Sonos systems
+
+### Authentication Flow
+1. Sonos app requests link code via `getAppLink()`
+2. User visits login URL with link code
+3. User enters Subsonic credentials
+4. bonob validates with Subsonic, generates service token
+5. bonob associates link code with service token
+6. Sonos polls `getDeviceAuthToken()` with link code
+7. bonob returns SMAPI token (JWT) to Sonos
+8. Subsequent requests use SMAPI token, which maps to service token
+
+### Testing Philosophy
+- Jest with ts-jest preset
+- In-memory implementations for `LinkCodes`, `APITokens` for testing
+- Mocking with `ts-mockito`
+- Test helpers in `tests/` directory
+- Console.log suppressed in tests (see `tests/setup.js`)
+
+## Common Patterns
+
+### Error Handling
+- Use `fp-ts` `TaskEither<AuthFailure, T>` for async operations that can fail with auth errors
+- SOAP faults for Sonos-specific errors (see SMAPI_FAULT_* constants)
+- Promise-based error handling with `.catch()` for most async operations
+
+### Type Safety
+- Strict TypeScript (`strict: true`, `noImplicitAny: true`, `noUncheckedIndexedAccess: true`)
+- Extensive use of discriminated unions
+- Interface-based design for pluggable services
+
+### Logging
+- Winston-based logger (`src/logger.ts`)
+- Log level controlled by `BNB_LOG_LEVEL`
+- Request logging optional via `BNB_SERVER_LOG_REQUESTS`
+
+### Functional Programming
+- Heavy use of `fp-ts` for `Option`, `Either`, `TaskEither`
+- Pipe-based composition (`pipe(data, fn1, fn2, ...)`)
+- Immutable data transformations
+
+## File Organization
+- `src/` - TypeScript source code
+- `tests/` - Jest test files (mirrors src/ structure)
+- `build/` - Compiled JavaScript (gitignored)
+- `web/` - HTML templates (Eta templating) and static assets
+- `typings/` - Custom TypeScript definitions
+
+## Important Constraints
+- bonob must be accessible from Sonos devices at `BNB_URL`
+- `BNB_URL` cannot contain "localhost" (validation error)
+- Sonos requires specific XML formats (SMAPI WSDL v1.19.6)
+- Streaming must handle HTTP range requests for seek functionality
+- Token lifetime (`BNB_AUTH_TIMEOUT`) should be less than Subsonic session timeout

Dockerfile

@@ -1,4 +1,4 @@
-FROM node:22-bullseye-slim AS build
+FROM node:22-trixie-slim AS build
 
 WORKDIR /bonob
 
@@ -36,7 +36,7 @@ RUN apt-get update && \
     NODE_ENV=production npm install --omit=dev
 
 
-FROM node:22-bullseye-slim
+FROM node:22-trixie-slim
 
 LABEL maintainer="simojenki" \
       org.opencontainers.image.source="https://github.com/simojenki/bonob" \

UPDATES.md

@@ -0,0 +1,45 @@
+# Updates for SMAPI
+
+Run Bonob on your server.
+
+Bonob now needs a volume to store OAuth Tokens. In the example below that directory is `/var/containers/bonob`. Adapt as needed.
+Also the example below uses a `bonob` user on the system with ID `1210` and group `100`. The directory should be owned by that user.
+
+Example systemd file (`/usr/lib/systemd/system/bonob.service`):
+```
+[Unit]
+Description=bonob Container Service
+Wants=network.target
+After=network-online.target
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=always
+ExecStartPre=-/usr/bin/podman rm -f bonob
+ExecStart=/usr/bin/podman run --rm \
+  --name bonob \
+  --label "io.containers.autoupdate=image" \
+  --user 1210:100 \
+  --env BNB_SONOS_SERVICE_NAME="Navidrome" \
+  --env BNB_PORT=8200 \
+  --env BNB_URL="https://bonob.mydomain.com" \
+  --env BNB_SECRET="Some random string" \
+  --env BNB_SONOS_SERVICE_ID=Your Sonos ID \
+  --env BNB_SUBSONIC_URL=https://music.mydomain.com \
+  --env BNB_ICON_FOREGROUND_COLOR="black" \
+  --env BNB_ICON_BACKGROUND_COLOR="#65d7f4" \
+  --env BNB_SONOS_AUTO_REGISTER=false \
+  --env BNB_SONOS_DEVICE_DISCOVERY=false \
+  --env BNB_LOG_LEVEL="info" \
+  --env TZ="Europe/Vienna" \
+  --volume /var/containers/bonob:/config:Z \
+  --publish 8200:8200 \
+  quay.io/wkulhanek/bonob:latest
+ExecStop=/usr/bin/podman rm -f bonob
+StandardOutput=syslog
+StandardError=syslog
+SyslogIdentifier=bonob
+
+[Install]
+WantedBy=multi-user.target default.target
+```

package-lock.json

@@ -3024,31 +3024,6 @@
         "node": ">= 0.8"
       }
     },
-    "node_modules/encoding": {
-      "version": "0.1.13",
-      "resolved": "https://registry.npmjs.org/encoding/-/encoding-0.1.13.tgz",
-      "integrity": "sha512-ETBauow1T35Y/WZMkio9jiM0Z5xjHHmJ4XmjZOq1l/dXz3lr2sRn87nJy20RupqSh1F2m3HHPSp8ShIPQJrJ3A==",
-      "license": "MIT",
-      "optional": true,
-      "peer": true,
-      "dependencies": {
-        "iconv-lite": "^0.6.2"
-      }
-    },
-    "node_modules/encoding/node_modules/iconv-lite": {
-      "version": "0.6.3",
-      "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.6.3.tgz",
-      "integrity": "sha512-4fCk79wshMdzMp2rH06qWrJE4iolqLhCUH+OiuIgU++RB0+94NlDL81atO7GX55uUKueo0txHNtvEyI6D7WdMw==",
-      "license": "MIT",
-      "optional": true,
-      "peer": true,
-      "dependencies": {
-        "safer-buffer": ">= 2.1.2 < 3.0.0"
-      },
-      "engines": {
-        "node": ">=0.10.0"
-      }
-    },
     "node_modules/entities": {
       "version": "4.5.0",
       "resolved": "https://registry.npmjs.org/entities/-/entities-4.5.0.tgz",

sonos_service/SONOS_SERVICE.adoc

@@ -0,0 +1,85 @@
+= Setting up Sonos Service
+
+== Prerequisites
+* In your Sonos App get your Sonos ID (About my Sonos System)
++
+image::images/about.png[]
+
+* Navidrome running and available from the Internet. E.g. via https://music.mydomain.com
+* Bonob running and available from the Internet. E.g. via https://bonob.mydomain.com
+
+You can use any method to make these URLs available. Cloudflare Tunnels, Pangolin, reverse proxy, etc.
+
+== Sonos Service Integration
+
+* Log into https://play.sonos.com
+* Once logged in go to https://developer.sonos.com/s/integrations
+
+* Create a *New Content Integration*
+
+** General Information
+*** Service Name: Navidrome
+*** Service Availability: Global
+*** Checkbox checked
+*** Website/Social Media URLs: https://music.mydomain.com (Some URL - e.g. your Navidrome server)
+
+** Sonos Music API
+*** Integration ID: com.mydomain.music (your domain in reverse)
+*** Configuration Label: 1.0
+*** SMAPI Endpoint: https://bonob.mydomain.com/ws/sonos
+*** SMAPI Endpoint Version: 1.1
+*** Radio Endpoint: empty
+*** Reporting Endpoint: https://bonob.mydomain.com/report/v1
+*** Reporting Endpoint Version: 2.3
+*** Authentication Method: OAuth
+*** Redirect: https://bonob.mydomain.com/login
+*** Auth Token Time To Life: Empty
+*** Browse/Search Results Page Size: 100
+*** Polling Interval: 60
+
+** Brand Assets
+
+*** Just upload the various assets from the `sonos_artwork` directory.
+
+** Localization Resources
+
+*** Write something about your service in the various fields (except Explicit Filter Description).
+
+** Integration Capabilities
+
+*** Check the first two (*Enable Extended Metadata* and *Enable Extended Metadata for Playlists*) and nothing else.
+
+** Image Replacement Rules
+
+*** No changes
+
+** Browse Options
+
+*** No changes
+
+** Search Capabilities
+
+*** API Catalog Type: SMAPI Catalog
+*** Catalog Title: Music
+*** Catalog Type: GLOBAL
+
+*** Add Three Categories with ID and Mapped ID:
++
+Albums - albums
+Artists - artists
+Tracks - tracks
+
+** Content Actions
+
+*** No changes
+
+** Service Deployment Settings
+
+*** Sonos ID: Your Sonos ID (from About my system). This is how only your controller sees the new service.
+*** System Name: Whatever you want
+
+** Service Configuration
+
+*** Click on *Refresh* and then *Send*. You should get a success message that you can dismiss with *Done*.
+
+* In your app search for your service name and add Service in your app as usual.

sonos_service/sonos_artwork/service_logo_200x800.svg

@@ -0,0 +1,18 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="800" height="200" viewBox="0 0 800 200" role="img" aria-labelledby="title desc">
+  <title id="title">Bonob Subsonic Logo</title>
+  <desc id="desc">A blue music-note icon with family dots on the left, followed by stacked text Bonob Navidrome in blue.</desc>
+
+  <!-- Icon (scaled and positioned) -->
+  <g transform="translate(20,20) scale(4)">
+    <rect x="0" y="0" width="40" height="40" rx="6" ry="6" fill="#1976d2"/>
+    <circle cx="11.5" cy="15.5" r="1.6" fill="#ffffff"/>
+    <circle cx="11.5" cy="22.5" r="1.6" fill="#ffffff"/>
+    <circle cx="22" cy="26" r="4" fill="#ffffff"/>
+    <rect x="24" y="10" width="1.6" height="16" rx="0.8" fill="#ffffff"/>
+    <path d="M25.6 11.2 C29.0 10.6 30.2 13.6 27.4 14.6 C29.2 15.4 27.6 16.6 25.6 15.8 Z" fill="#ffffff"/>
+  </g>
+
+  <!-- Text stacked in two lines -->
+  <text x="240" y="90" font-family="Arial, Helvetica, sans-serif" font-size="80" fill="#1976d2">Bonob</text>
+  <text x="240" y="160" font-family="Arial, Helvetica, sans-serif" font-size="80" fill="#1976d2">Navidrome</text>
+</svg>

sonos_service/sonos_artwork/service_logo_20x180.svg

@@ -0,0 +1,19 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="180" height="20" viewBox="0 0 180 20" role="img" aria-labelledby="title desc">
+  <title id="title">Bonob Subsonic Logo</title>
+  <desc id="desc">A blue music-note icon with family dots, followed by the text Bonob Subsonic in blue.</desc>
+
+  <!-- Icon scaled down to fit height -->
+  <g transform="scale(0.45) translate(0,0)">
+    <rect x="0" y="0" width="40" height="40" rx="6" ry="6" fill="#1976d2"/>
+    <circle cx="11.5" cy="15.5" r="1.6" fill="#ffffff"/>
+    <circle cx="11.5" cy="22.5" r="1.6" fill="#ffffff"/>
+    <circle cx="22" cy="26" r="4" fill="#ffffff"/>
+    <rect x="24" y="10" width="1.6" height="16" rx="0.8" fill="#ffffff"/>
+    <path d="M25.6 11.2 C29.0 10.6 30.2 13.6 27.4 14.6 C29.2 15.4 27.6 16.6 25.6 15.8 Z" fill="#ffffff"/>
+  </g>
+
+  <!-- Text -->
+  <text x="28" y="15" font-family="Arial, Helvetica, sans-serif" font-size="12" fill="#1976d2">
+    Bonob Subsonic
+  </text>
+</svg>

sonos_service/sonos_artwork/service_logo_40x40.svg

@@ -0,0 +1,20 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="40" height="40" viewBox="0 0 40 40" role="img" aria-labelledby="title desc">
+  <title id="title">Bonob Navidrome Music Server</title>
+  <desc id="desc">Blue rounded square with a white music note and two small circles representing family.</desc>
+
+  <!-- Blue rounded background -->
+  <rect x="0" y="0" width="40" height="40" rx="6" ry="6" fill="#1976d2"/>
+
+  <!-- Family dots (simple, symbolic) -->
+  <circle cx="11.5" cy="15.5" r="1.6" fill="#ffffff"/>
+  <circle cx="11.5" cy="22.5" r="1.6" fill="#ffffff"/>
+
+  <!-- Note head -->
+  <circle cx="22" cy="26" r="4" fill="#ffffff"/>
+
+  <!-- Note stem -->
+  <rect x="24" y="10" width="1.6" height="16" rx="0.8" fill="#ffffff"/>
+
+  <!-- Note flag (simple, filled shape) -->
+  <path d="M25.6 11.2 C29.0 10.6 30.2 13.6 27.4 14.6 C29.2 15.4 27.6 16.6 25.6 15.8 Z" fill="#ffffff"/>
+</svg>

src/app.ts

@@ -18,6 +18,7 @@ import sonos, { bonobService } from "./sonos";
 import { MusicService } from "./music_service";
 import { SystemClock } from "./clock";
 import { JWTSmapiLoginTokens } from "./smapi_auth";
+import { FileSmapiTokenStore } from "./smapi_token_store";
 
 const config = readConfig();
 const clock = SystemClock;
@@ -95,7 +96,8 @@ const app = server(
     logRequests: config.logRequests,
     version,
     smapiAuthTokens: new JWTSmapiLoginTokens(clock, config.secret, config.authTimeout),
-    externalImageResolver: artistImageFetcher
+    externalImageResolver: artistImageFetcher,
+    smapiTokenStore: new FileSmapiTokenStore("/config/tokens.json")
   }
 );
 

src/server.ts

@@ -39,9 +39,29 @@ import {
   JWTSmapiLoginTokens,
   SmapiAuthTokens,
 } from "./smapi_auth";
+import { SmapiTokenStore, InMemorySmapiTokenStore } from "./smapi_token_store";
 
 export const BONOB_ACCESS_TOKEN_HEADER = "bat";
 
+// Session storage for tracking active streams (for scrobbling)
+type StreamSession = {
+  serviceToken: string;
+  trackId: string;
+  timestamp: number;
+};
+
+const streamSessions = new Map<string, StreamSession>();
+
+// Clean up old sessions (older than 1 hour)
+setInterval(() => {
+  const oneHourAgo = Date.now() - (60 * 60 * 1000);
+  for (const [sid, session] of streamSessions.entries()) {
+    if (session.timestamp < oneHourAgo) {
+      streamSessions.delete(sid);
+    }
+  }
+}, 5 * 60 * 1000).unref(); // Run every 5 minutes, but don't prevent process exit
+
 interface RangeFilter extends Transform {
   range: (length: number) => string;
 }
@@ -92,6 +112,7 @@ export type ServerOpts = {
   version: string;
   smapiAuthTokens: SmapiAuthTokens;
   externalImageResolver: ImageFetcher;
+  smapiTokenStore: SmapiTokenStore;
 };
 
 const DEFAULT_SERVER_OPTS: ServerOpts = {
@@ -108,6 +129,7 @@ const DEFAULT_SERVER_OPTS: ServerOpts = {
     "1m"
   ),
   externalImageResolver: axiosImageFetcher,
+  smapiTokenStore: new InMemorySmapiTokenStore(),
 };
 
 function server(
@@ -133,6 +155,7 @@ function server(
     app.use(morgan("combined"));
   }
   app.use(express.urlencoded({ extended: false }));
+  app.use(express.json());
 
   app.use(express.static(path.resolve(__dirname, "..", "web", "public")));
   app.engine("eta", Eta.renderFile);
@@ -397,6 +420,14 @@ function server(
     if (!serviceToken) {
       return res.status(401).send();
     } else {
+      // Store session for scrobbling later (when Sonos reports playback)
+      streamSessions.set(id, {
+        serviceToken,
+        trackId: id,
+        timestamp: Date.now(),
+      });
+      logger.debug(`Stored stream session for track ${id}`);
+
       return musicService
         .login(serviceToken)
         .then((it) =>
@@ -598,6 +629,113 @@ function server(
       });
   });
 
+  // Sonos Reporting Endpoint for playback analytics
+  app.post("/report/:version/timePlayed", async (req, res) => {
+    const version = req.params["version"];
+    logger.debug(`Received Sonos reporting event (v${version}): ${JSON.stringify(req.body)}`);
+
+    try {
+      // Sonos may send an array of reports or a single report with items array
+      const reports = Array.isArray(req.body) ? req.body : [req.body];
+
+      for (const report of reports) {
+        // Handle both direct report format and items array format
+        const items = report.items || [report];
+
+        for (const item of items) {
+          const {
+            reportId,
+            mediaUrl,
+            durationPlayedMillis,
+            positionMillis,
+            type,
+          } = item;
+
+        // Extract track ID from mediaUrl (format: /stream/track/{id} or x-sonos-http:track%3a{id}.mp3)
+        let trackId: string | undefined;
+
+        if (mediaUrl) {
+          // Try standard URL format first
+          const standardMatch = mediaUrl.match(/\/stream\/track\/([^?]+)/);
+          if (standardMatch) {
+            trackId = standardMatch[1];
+          } else {
+            // Try x-sonos-http format (track%3a{id}.mp3)
+            const sonosMatch = mediaUrl.match(/track%3[aA]([^.?&]+)/);
+            if (sonosMatch) {
+              trackId = sonosMatch[1];
+            }
+          }
+        }
+
+        if (!trackId) {
+          logger.warn(`Could not extract track ID from mediaUrl: ${mediaUrl}, full report: ${JSON.stringify(report)}`);
+          continue; // Skip this report, process next one
+        }
+
+        const durationPlayedSeconds = Math.floor((durationPlayedMillis || 0) / 1000);
+
+        logger.info(
+          `Sonos reporting: type=${type}, trackId=${trackId}, reportId=${reportId}, ` +
+          `durationPlayed=${durationPlayedSeconds}s, position=${positionMillis}ms`
+        );
+
+        // For "final" reports, determine if we should scrobble
+        if (type === "final" && durationPlayedSeconds > 0) {
+          // Retrieve authentication from stream session storage
+          const session = streamSessions.get(trackId!);
+          let serviceToken: string | undefined = session?.serviceToken;
+
+          if (!serviceToken) {
+            // Fallback: try to extract from Authorization header (if present)
+            const authHeader = req.headers["authorization"];
+            if (authHeader && authHeader.startsWith("Bearer ")) {
+              const token = authHeader.substring(7);
+              const smapiToken = serverOpts.smapiTokenStore.get(token);
+              if (smapiToken) {
+                serviceToken = pipe(
+                  smapiAuthTokens.verify({ token, key: smapiToken.key }),
+                  E.getOrElseW(() => undefined)
+                );
+              }
+            }
+          }
+
+          if (serviceToken) {
+            await musicService.login(serviceToken).then((musicLibrary) => {
+              // Get track duration to determine scrobbling threshold
+              return musicLibrary.track(trackId!).then((track) => {
+                const shouldScrobble =
+                  (track.duration < 30 && durationPlayedSeconds >= 10) ||
+                  (track.duration >= 30 && durationPlayedSeconds >= 30);
+
+                if (shouldScrobble) {
+                  logger.info(`Scrobbling track ${trackId} after ${durationPlayedSeconds}s playback`);
+                  return musicLibrary.scrobble(trackId!);
+                } else {
+                  logger.debug(
+                    `Not scrobbling track ${trackId}: duration=${track.duration}s, played=${durationPlayedSeconds}s`
+                  );
+                  return Promise.resolve(false);
+                }
+              });
+            }).catch((e) => {
+              logger.error(`Failed to process scrobble for track ${trackId}`, { error: e });
+            });
+          } else {
+            logger.debug("No authentication available for reporting endpoint scrobble");
+          }
+        }
+        }
+      }
+
+      return res.status(200).json({ status: "ok" });
+    } catch (error) {
+      logger.error("Error processing Sonos reporting event", { error });
+      return res.status(500).json({ status: "error" });
+    }
+  });
+
   bindSmapiSoapServiceToExpress(
     app,
     SOAP_PATH,
@@ -607,7 +745,9 @@ function server(
     apiTokens,
     clock,
     i8n,
-    serverOpts.smapiAuthTokens
+    serverOpts.smapiAuthTokens,
+    serverOpts.smapiTokenStore,
+    serverOpts.logRequests
   );
 
   if (serverOpts.applyContextPath) {

src/smapi.ts

@@ -36,7 +36,11 @@ import {
   SmapiAuthTokens,
   SMAPI_FAULT_LOGIN_UNAUTHORIZED,
   ToSmapiFault,
+  SmapiToken,
 } from "./smapi_auth";
+import { InvalidTokenError } from "./smapi_auth";
+import { IncomingHttpHeaders } from "http2";
+import { SmapiTokenStore } from "./smapi_token_store";
 
 export const LOGIN_ROUTE = "/login";
 export const CREATE_REGISTRATION_ROUTE = "/registration/add";
@@ -161,17 +165,20 @@ class SonosSoap {
   bonobUrl: URLBuilder;
   smapiAuthTokens: SmapiAuthTokens;
   clock: Clock;
+  tokenStore: SmapiTokenStore;
 
   constructor(
     bonobUrl: URLBuilder,
     linkCodes: LinkCodes,
     smapiAuthTokens: SmapiAuthTokens,
-    clock: Clock
+    clock: Clock,
+    tokenStore: SmapiTokenStore
   ) {
     this.bonobUrl = bonobUrl;
     this.linkCodes = linkCodes;
     this.smapiAuthTokens = smapiAuthTokens;
     this.clock = clock;
+    this.tokenStore = tokenStore;
   }
 
   getAppLink(): GetAppLinkResult {
@@ -193,6 +200,11 @@ class SonosSoap {
     };
   }
 
+  reportAccountAction = (args: any, _headers: any) => {
+    logger.info('Sonos reportAccountAction: ' + JSON.stringify(args));
+    return {};
+  }
+
   getDeviceAuthToken({
     linkCode,
   }: {
@@ -233,6 +245,18 @@ class SonosSoap {
       };
     }
   }
+  getCredentialsForToken(token: string): SmapiToken | undefined {
+    logger.debug("getCredentialsForToken called with: " + token);
+    logger.debug("Current tokens: " + JSON.stringify(this.tokenStore.getAll()));
+    return this.tokenStore.get(token);
+  }
+  associateCredentialsForToken(token: string, fullSmapiToken: SmapiToken, oldToken?:string) {
+    logger.debug("Adding token: " + token + " " + JSON.stringify(fullSmapiToken));
+    if(oldToken) {
+      this.tokenStore.delete(oldToken);
+    }
+    this.tokenStore.set(token, fullSmapiToken);
+  }
 }
 
 export type ContainerType = "container" | "search" | "albumList";
@@ -380,9 +404,30 @@ function bindSmapiSoapServiceToExpress(
   apiKeys: APITokens,
   clock: Clock,
   i8n: I8N,
-  smapiAuthTokens: SmapiAuthTokens
+  smapiAuthTokens: SmapiAuthTokens,
+  tokenStore: SmapiTokenStore,
+  _logRequests: boolean
 ) {
-  const sonosSoap = new SonosSoap(bonobUrl, linkCodes, smapiAuthTokens, clock);
+  const sonosSoap = new SonosSoap(bonobUrl, linkCodes, smapiAuthTokens, clock, tokenStore);
+
+  // Clean up expired tokens on startup
+  try {
+    const cleaned = tokenStore.cleanupExpired(smapiAuthTokens);
+    if (cleaned > 0) {
+      logger.info(`Cleaned up ${cleaned} expired token(s) on startup`);
+    }
+  } catch (error) {
+    logger.error("Failed to cleanup expired tokens on startup", { error });
+  }
+
+  // Clean up expired tokens every hour
+  setInterval(() => {
+    try {
+      tokenStore.cleanupExpired(smapiAuthTokens);
+    } catch (error) {
+      logger.error("Failed to cleanup expired tokens", { error });
+    }
+  }, 60 * 60 * 1000).unref(); // Run every hour, but don't prevent process exit
 
   const urlWithToken = (accessToken: string) =>
     bonobUrl.append({
@@ -395,18 +440,39 @@ function bindSmapiSoapServiceToExpress(
     const credentialsFrom = E.fromNullable(new MissingLoginTokenError());
     return pipe(
       credentialsFrom(credentials),
-      E.chain((credentials) =>
+      E.chain((credentials) => {
-        pipe(
+        // Check if token/key is associated with a user
+        const smapiToken = sonosSoap.getCredentialsForToken(credentials.loginToken.token);
+        if (!smapiToken) {
+          logger.warn("Token not found in store - possibly old/expired token from Sonos cache. Try removing and re-adding the service in Sonos app.");
+          return E.left(new InvalidTokenError("Token not found"));
+        }
+
+        // If credentials don't have a key, use the stored one
+        const effectiveKey = credentials.loginToken.key || smapiToken.key;
+
+        if (smapiToken.key !== effectiveKey) {
+          logger.warn("Token key mismatch", { storedKey: smapiToken.key, providedKey: effectiveKey });
+          return E.left(new InvalidTokenError("Token key mismatch"));
+        }
+
+        return pipe(
           smapiAuthTokens.verify({
             token: credentials.loginToken.token,
-            key: credentials.loginToken.key,
+            key: effectiveKey,
           }),
           E.map((serviceToken) => ({
             serviceToken,
-            credentials,
+            credentials: {
+              ...credentials,
+              loginToken: {
+                ...credentials.loginToken,
+                key: effectiveKey,
+              },
+            },
           }))
-        )
+        );
-      ),
+      }),
       E.map(({ serviceToken, credentials }) => ({
         serviceToken,
         credentials,
@@ -415,7 +481,49 @@ function bindSmapiSoapServiceToExpress(
     );
   };
 
-  const login = async (credentials?: Credentials) => {
+  const swapToken = (expiredToken: string | undefined) => (newToken: SmapiToken) => {
+    logger.debug("oldToken: " + expiredToken);
+    logger.debug("newToken: " + JSON.stringify(newToken));
+    if (expiredToken) {
+      sonosSoap.associateCredentialsForToken(newToken.token, newToken, expiredToken);
+    } else {
+      sonosSoap.associateCredentialsForToken(newToken.token, newToken);
+    }
+    return TE.right(newToken);
+  }
+
+  const useHeaderIfPresent = (credentials?: Credentials, headers?: IncomingHttpHeaders) => {
+    const headersProvidedWithToken = headers!==null && headers!== undefined && headers["authorization"];
+    if(headersProvidedWithToken) {
+      logger.debug("Will use authorization header");
+      const bearer = headers["authorization"];
+      const token = bearer?.split(" ")[1];
+      if(token) {
+        const credsForToken = sonosSoap.getCredentialsForToken(token);
+        if(credsForToken==undefined) {
+          logger.debug("No creds for "+JSON.stringify(token));
+        } else {
+          credentials = {
+            ...credentials!,
+            loginToken: {
+              ...credentials?.loginToken!,
+              token: credsForToken.token,
+              key: credsForToken.key,
+            }
+          }
+          logger.debug("Updated credentials to " + JSON.stringify(credentials));
+        }
+      }
+    }
+    return credentials;
+  }
+
+  const login = async (credentials?: Credentials, headers?: IncomingHttpHeaders) => {
+
+    const credentialsProvidedWithoutAuthToken = credentials && credentials.loginToken.token==null;
+    if(credentialsProvidedWithoutAuthToken) {
+      credentials = useHeaderIfPresent(credentials, headers);
+    }
     const authOrFail = pipe(
       auth(credentials),
       E.getOrElseW((fault) => fault)
@@ -428,9 +536,16 @@ function bindSmapiSoapServiceToExpress(
           throw SMAPI_FAULT_LOGIN_UNAUTHORIZED;
         });
     } else if (isExpiredTokenError(authOrFail)) {
+      // Don't pass old token here to avoid circular reference issues with Jest/SOAP
+      // Old expired tokens will be cleaned up by TTL or manual cleanup later
+      logger.info("Token expired, attempting refresh...");
       throw await pipe(
         musicService.refreshToken(authOrFail.expiredToken),
-        TE.map((it) => smapiAuthTokens.issue(it.serviceToken)),
+        TE.map((it) => {
+          logger.info("Token refresh successful, issuing new SMAPI token");
+          return smapiAuthTokens.issue(it.serviceToken);
+        }),
+        TE.tap(swapToken(undefined)),
         TE.map((newToken) => ({
           Fault: {
             faultcode: "Client.TokenRefreshRequired",
@@ -443,7 +558,10 @@ function bindSmapiSoapServiceToExpress(
             },
           },
         })),
-        TE.getOrElse(() => T.of(SMAPI_FAULT_LOGIN_UNAUTHORIZED))
+        TE.getOrElse((err) => {
+          logger.error("Token refresh failed", { error: err });
+          return T.of(SMAPI_FAULT_LOGIN_UNAUTHORIZED);
+        })
       )();
     } else {
       throw authOrFail.toSmapiFault();
@@ -457,8 +575,18 @@ function bindSmapiSoapServiceToExpress(
       Sonos: {
         SonosSoap: {
           getAppLink: () => sonosSoap.getAppLink(),
-          getDeviceAuthToken: ({ linkCode }: { linkCode: string }) =>
+          reportAccountAction: (args: any) =>
-            sonosSoap.getDeviceAuthToken({ linkCode }),
+            sonosSoap.reportAccountAction(args, undefined),
+          getDeviceAuthToken: ({ linkCode }: { linkCode: string}) =>{
+            const deviceAuthTokenResult = sonosSoap.getDeviceAuthToken({ linkCode });
+            const smapiToken:SmapiToken = {
+              token: deviceAuthTokenResult.getDeviceAuthTokenResult.authToken,
+              key: deviceAuthTokenResult.getDeviceAuthTokenResult.privateKey
+            }
+  
+            sonosSoap.associateCredentialsForToken(smapiToken.token, smapiToken);
+            return deviceAuthTokenResult;
+          },
           getLastUpdate: () => ({
             getLastUpdateResult: {
               autoRefreshEnabled: true,
@@ -467,9 +595,11 @@ function bindSmapiSoapServiceToExpress(
               pollInterval: 60,
             },
           }),
-          refreshAuthToken: async (_, _2, soapyHeaders: SoapyHeaders) => {
+          refreshAuthToken: async (_, _2, soapyHeaders: SoapyHeaders,
+            { headers }: Pick<Request, "headers">) => {
+            const creds = useHeaderIfPresent(soapyHeaders?.credentials, headers);
             const serviceToken = pipe(
-              auth(soapyHeaders?.credentials),
+              auth(creds),
               E.fold(
                 (fault) =>
                   isExpiredTokenError(fault)
@@ -481,9 +611,12 @@ function bindSmapiSoapServiceToExpress(
                 throw fault.toSmapiFault();
               })
             );
+            // Don't pass old token here to avoid circular reference issues with Jest/SOAP
+            // Old expired tokens will be cleaned up by TTL or manual cleanup later
             return pipe(
               musicService.refreshToken(serviceToken),
               TE.map((it) => smapiAuthTokens.issue(it.serviceToken)),
+              TE.tap(swapToken(undefined)), // ignores the return value, like a tee or peek
               TE.map((it) => ({
                 refreshAuthTokenResult: {
                   authToken: it.token,
@@ -498,9 +631,10 @@ function bindSmapiSoapServiceToExpress(
           getMediaURI: async (
             { id }: { id: string },
             _,
-            soapyHeaders: SoapyHeaders
+            soapyHeaders: SoapyHeaders,
-          ) =>
+            { headers }: Pick<Request, "headers">
-            login(soapyHeaders?.credentials)
+          ) => {
+            return login(soapyHeaders?.credentials, headers)
               .then(splitId(id))
               .then(({ musicLibrary, credentials, type, typeId }) => {
                 switch (type) {
@@ -533,13 +667,15 @@ function bindSmapiSoapServiceToExpress(
                   default:
                     throw `Unsupported type:${type}`;
                   }
-              }),
+              });
+          },
           getMediaMetadata: async (
             { id }: { id: string },
             _,
-            soapyHeaders: SoapyHeaders
+            soapyHeaders: SoapyHeaders,
-          ) =>
+            { headers }: Pick<Request, "headers">
-            login(soapyHeaders?.credentials)
+          ) => {
+            return login(soapyHeaders?.credentials, headers)
               .then(splitId(id))
               .then(async ({ musicLibrary, apiKey, type, typeId }) => {
                 switch (type) {
@@ -554,13 +690,15 @@ function bindSmapiSoapServiceToExpress(
                   default:
                     throw `Unsupported type:${type}`;
                 }
-              }),
+              });
+          },
           search: async (
             { id, term }: { id: string; term: string },
             _,
-            soapyHeaders: SoapyHeaders
+            soapyHeaders: SoapyHeaders,
-          ) =>
+            { headers }: Pick<Request, "headers">
-            login(soapyHeaders?.credentials)
+          ) => {
+            return login(soapyHeaders?.credentials, headers)
               .then(splitId(id))
               .then(async ({ musicLibrary, apiKey }) => {
                 switch (id) {
@@ -586,15 +724,16 @@ function bindSmapiSoapServiceToExpress(
                     return musicLibrary.searchTracks(term).then((it) =>
                       searchResult({
                         count: it.length,
-                        mediaCollection: it.map((aTrack) =>
+                        mediaMetadata: it.map((aTrack) =>
-                          album(urlWithToken(apiKey), aTrack.album)
+                          track(urlWithToken(apiKey), aTrack)
                         ),
                       })
                     );
                   default:
                     throw `Unsupported search by:${id}`;
                 }
-              }),
+              });
+          },
           getExtendedMetadata: async (
             {
               id,
@@ -603,9 +742,10 @@ function bindSmapiSoapServiceToExpress(
             }: // recursive,
             { id: string; index: number; count: number; recursive: boolean },
             _,
-            soapyHeaders: SoapyHeaders
+            soapyHeaders: SoapyHeaders,
-          ) =>
+            { headers }: Pick<Request, "headers">
-            login(soapyHeaders?.credentials)
+          ) => {
+            return login(soapyHeaders?.credentials, headers)
               .then(splitId(id))
               .then(async ({ musicLibrary, apiKey, type, typeId }) => {
                 const paging = { _index: index, _count: count };
@@ -665,7 +805,8 @@ function bindSmapiSoapServiceToExpress(
                   default:
                     throw `Unsupported getExtendedMetadata id=${id}`;
                 }
-              }),
+              });
+          },
           getMetadata: async (
             {
               id,
@@ -676,12 +817,12 @@ function bindSmapiSoapServiceToExpress(
             _,
             soapyHeaders: SoapyHeaders,
             { headers }: Pick<Request, "headers">
-          ) =>
+          ) => {
-            login(soapyHeaders?.credentials)
+            const acceptLanguage = headers["accept-language"];
+            return login(soapyHeaders?.credentials, headers)
               .then(splitId(id))
               .then(({ musicLibrary, apiKey, type, typeId }) => {
                 const paging = { _index: index, _count: count };
-                const acceptLanguage = headers["accept-language"];
                 logger.debug(
                   `Fetching metadata type=${type}, typeId=${typeId}, acceptLanguage=${acceptLanguage}`
                 );
@@ -996,13 +1137,15 @@ function bindSmapiSoapServiceToExpress(
                   default:
                     throw `Unsupported getMetadata id=${id}`;
                 }
-              }),
+              });
+          },
           createContainer: async (
             { title, seedId }: { title: string; seedId: string | undefined },
             _,
-            soapyHeaders: SoapyHeaders
+            soapyHeaders: SoapyHeaders,
-          ) =>
+            { headers }: Pick<Request, "headers">
-            login(soapyHeaders?.credentials)
+          ) => {
+            return login(soapyHeaders?.credentials, headers)
               .then(({ musicLibrary }) =>
                 musicLibrary
                   .createPlaylist(title)
@@ -1022,32 +1165,38 @@ function bindSmapiSoapServiceToExpress(
                   id: `playlist:${it.id}`,
                   updateId: "",
                 },
-              })),
+              }));
+          },
           deleteContainer: async (
             { id }: { id: string },
             _,
-            soapyHeaders: SoapyHeaders
+            soapyHeaders: SoapyHeaders,
-          ) =>
+            { headers }: Pick<Request, "headers">
-            login(soapyHeaders?.credentials)
+          ) => {
+            return login(soapyHeaders?.credentials, headers)
               .then(({ musicLibrary }) => musicLibrary.deletePlaylist(id))
-              .then((_) => ({ deleteContainerResult: {} })),
+              .then((_) => ({ deleteContainerResult: {} }));
+          },
           addToContainer: async (
             { id, parentId }: { id: string; parentId: string },
             _,
-            soapyHeaders: SoapyHeaders
+            soapyHeaders: SoapyHeaders,
-          ) =>
+            { headers }: Pick<Request, "headers">
-            login(soapyHeaders?.credentials)
+          ) => {
+            return login(soapyHeaders?.credentials, headers)
               .then(splitId(id))
               .then(({ musicLibrary, typeId }) =>
                 musicLibrary.addToPlaylist(parentId.split(":")[1]!, typeId)
               )
-              .then((_) => ({ addToContainerResult: { updateId: "" } })),
+              .then((_) => ({ addToContainerResult: { updateId: "" } }));
+          },
           removeFromContainer: async (
             { id, indices }: { id: string; indices: string },
             _,
-            soapyHeaders: SoapyHeaders
+            soapyHeaders: SoapyHeaders,
-          ) =>
+            { headers }: Pick<Request, "headers">
-            login(soapyHeaders?.credentials)
+          ) => {
+            return login(soapyHeaders?.credentials, headers)
               .then(splitId(id))
               .then((it) => ({
                 ...it,
@@ -1064,25 +1213,29 @@ function bindSmapiSoapServiceToExpress(
                   musicLibrary.removeFromPlaylist(typeId, indices);
                 }
               })
-              .then((_) => ({ removeFromContainerResult: { updateId: "" } })),
+              .then((_) => ({ removeFromContainerResult: { updateId: "" } }));
+          },
           rateItem: async (
             { id, rating }: { id: string; rating: number },
             _,
-            soapyHeaders: SoapyHeaders
+            soapyHeaders: SoapyHeaders,
-          ) =>
+            { headers }: Pick<Request, "headers">
-            login(soapyHeaders?.credentials)
+          ) => {
+            return login(soapyHeaders?.credentials, headers)
               .then(splitId(id))
               .then(({ musicLibrary, typeId }) =>
                 musicLibrary.rate(typeId, ratingFromInt(Math.abs(rating)))
               )
-              .then((_) => ({ rateItemResult: { shouldSkip: false } })),
+              .then((_) => ({ rateItemResult: { shouldSkip: false } }));
+          },
 
           setPlayedSeconds: async (
             { id, seconds }: { id: string; seconds: string },
             _,
-            soapyHeaders: SoapyHeaders
+            soapyHeaders: SoapyHeaders,
-          ) =>
+            { headers }: Pick<Request, "headers">
-            login(soapyHeaders?.credentials)
+          ) => {
+            return login(soapyHeaders?.credentials, headers)
               .then(splitId(id))
               .then(({ musicLibrary, type, typeId }) => {
                 switch (type) {
@@ -1104,7 +1257,49 @@ function bindSmapiSoapServiceToExpress(
               })
               .then((_) => ({
                 setPlayedSecondsResult: {},
-              })),
+              }));
+          },
+
+          reportPlaySeconds: async (
+            { id, seconds }: { id: string; seconds: string },
+            _,
+            soapyHeaders: SoapyHeaders,
+            { headers }: Pick<Request, "headers">
+          ) => {
+            return login(soapyHeaders?.credentials, headers)
+              .then(splitId(id))
+              .then(({ type, typeId }) => {
+                if (type === "track") {
+                  logger.debug(`reportPlaySeconds called for track ${typeId}, seconds: ${seconds}`);
+                  // Return interval of 30 seconds for next update
+                  return Promise.resolve(true);
+                }
+                return Promise.resolve(true);
+              })
+              .then((_) => ({
+                reportPlaySecondsResult: { interval: 30 },
+              }));
+          },
+
+          reportPlayStatus: async (
+            { id, status }: { id: string; status: string },
+            _,
+            soapyHeaders: SoapyHeaders,
+            { headers }: Pick<Request, "headers">
+          ) => {
+            return login(soapyHeaders?.credentials, headers)
+              .then(splitId(id))
+              .then(({ musicLibrary, type, typeId }) => {
+                if (type === "track") {
+                  logger.info(`reportPlayStatus called for track ${typeId}, status: ${status}`);
+                  if (status === "PLAY_START" || status === "PAUSED_PLAYBACK") {
+                    return musicLibrary.nowPlaying(typeId);
+                  }
+                }
+                return Promise.resolve(true);
+              })
+              .then((_) => ({}));
+          },
         },
       },
     },

src/smapi_auth.ts

@@ -4,6 +4,8 @@ import { v4 as uuid } from "uuid";
 import { b64Decode, b64Encode } from "./b64";
 import { Clock } from "./clock";
 
+import logger from "./logger";
+
 export type SmapiFault = { Fault: { faultcode: string; faultstring: string } };
 export type SmapiRefreshTokenResultFault = SmapiFault & {
   Fault: {
@@ -14,6 +16,7 @@ export type SmapiRefreshTokenResultFault = SmapiFault & {
 };
 
 function isError(thing: any): thing is Error {
+  logger.debug("isError check", { thing });
   return thing.name && thing.message;
 }
 
@@ -151,6 +154,13 @@ export class JWTSmapiLoginTokens implements SmapiAuthTokens {
   };
 
   verify = (smapiToken: SmapiToken): E.Either<ToSmapiFault, string> => {
+    logger.debug("Verifying JWT", {
+      token: smapiToken.token,
+      key: smapiToken.key,
+      secret: this.secret,
+      version: this.version,
+      secretKey: this.secret + this.version + smapiToken.key,
+    });
     try {
       return E.right(
         (
@@ -161,7 +171,9 @@ export class JWTSmapiLoginTokens implements SmapiAuthTokens {
         ).serviceToken
       );
     } catch (e) {
+      const err = e as Error;
       if (isTokenExpiredError(e)) {
+        logger.debug("JWT token expired, will attempt refresh", { expiredAt: (e as TokenExpiredError).expiredAt });
         const serviceToken = (
           jwt.verify(
             smapiToken.token,
@@ -170,8 +182,11 @@ export class JWTSmapiLoginTokens implements SmapiAuthTokens {
           ) as any
         ).serviceToken;
         return E.left(new ExpiredTokenError(serviceToken));
-      } else if (isError(e)) return E.left(new InvalidTokenError(e.message));
+      } else {
+        logger.warn("JWT verification failed - token may be invalid or from different secret", { message: err.message });
+        if (isError(e)) return E.left(new InvalidTokenError(err.message));
         else return E.left(new InvalidTokenError("Failed to verify token"));
       }
+    }
   };
 }

src/smapi_token_store.ts

@@ -0,0 +1,164 @@
+import fs from "fs";
+import path from "path";
+import logger from "./logger";
+import { SmapiToken, SmapiAuthTokens } from "./smapi_auth";
+import { either as E } from "fp-ts";
+
+export interface SmapiTokenStore {
+  get(token: string): SmapiToken | undefined;
+  set(token: string, fullSmapiToken: SmapiToken): void;
+  delete(token: string): void;
+  getAll(): { [tokenKey: string]: SmapiToken };
+  cleanupExpired(smapiAuthTokens: SmapiAuthTokens): number;
+}
+
+export class InMemorySmapiTokenStore implements SmapiTokenStore {
+  private tokens: { [tokenKey: string]: SmapiToken } = {};
+
+  get(token: string): SmapiToken | undefined {
+    return this.tokens[token];
+  }
+
+  set(token: string, fullSmapiToken: SmapiToken): void {
+    this.tokens[token] = fullSmapiToken;
+  }
+
+  delete(token: string): void {
+    delete this.tokens[token];
+  }
+
+  getAll(): { [tokenKey: string]: SmapiToken } {
+    return this.tokens;
+  }
+
+  cleanupExpired(smapiAuthTokens: SmapiAuthTokens): number {
+    const tokenKeys = Object.keys(this.tokens);
+    let deletedCount = 0;
+
+    for (const tokenKey of tokenKeys) {
+      const smapiToken = this.tokens[tokenKey];
+      if (smapiToken) {
+        const verifyResult = smapiAuthTokens.verify(smapiToken);
+        // Only delete if token verification fails with InvalidTokenError
+        // Do NOT delete ExpiredTokenError as those can still be refreshed
+        if (E.isLeft(verifyResult)) {
+          const error = verifyResult.left;
+          // Only delete invalid tokens, not expired ones (which can be refreshed)
+          if (error._tag === 'InvalidTokenError') {
+            logger.debug(`Deleting invalid token from in-memory store`);
+            delete this.tokens[tokenKey];
+            deletedCount++;
+          }
+        }
+      }
+    }
+
+    if (deletedCount > 0) {
+      logger.info(`Cleaned up ${deletedCount} invalid token(s) from in-memory store`);
+    }
+
+    return deletedCount;
+  }
+}
+
+export class FileSmapiTokenStore implements SmapiTokenStore {
+  private tokens: { [tokenKey: string]: SmapiToken } = {};
+  private readonly filePath: string;
+
+  constructor(filePath: string) {
+    this.filePath = filePath;
+    this.loadFromFile();
+  }
+
+  private loadFromFile(): void {
+    try {
+      // Ensure the directory exists
+      const dir = path.dirname(this.filePath);
+      if (!fs.existsSync(dir)) {
+        fs.mkdirSync(dir, { recursive: true });
+        logger.info(`Created token storage directory: ${dir}`);
+      }
+
+      // Load existing tokens if file exists
+      if (fs.existsSync(this.filePath)) {
+        const data = fs.readFileSync(this.filePath, "utf8");
+        this.tokens = JSON.parse(data);
+        logger.info(
+          `Loaded ${Object.keys(this.tokens).length} token(s) from ${this.filePath}`
+        );
+      } else {
+        logger.info(`No existing token file found at ${this.filePath}, starting fresh`);
+        this.tokens = {};
+        this.saveToFile();
+      }
+    } catch (error) {
+      logger.error(`Failed to load tokens from ${this.filePath}`, { error });
+      this.tokens = {};
+    }
+  }
+
+  private saveToFile(): void {
+    try {
+      // Ensure the directory exists before writing
+      const dir = path.dirname(this.filePath);
+      if (!fs.existsSync(dir)) {
+        fs.mkdirSync(dir, { recursive: true });
+        logger.info(`Created token storage directory: ${dir}`);
+      }
+
+      const data = JSON.stringify(this.tokens, null, 2);
+      fs.writeFileSync(this.filePath, data, "utf8");
+      logger.debug(`Saved ${Object.keys(this.tokens).length} token(s) to ${this.filePath}`);
+    } catch (error) {
+      logger.error(`Failed to save tokens to ${this.filePath}`, { error });
+    }
+  }
+
+  get(token: string): SmapiToken | undefined {
+    return this.tokens[token];
+  }
+
+  set(token: string, fullSmapiToken: SmapiToken): void {
+    this.tokens[token] = fullSmapiToken;
+    this.saveToFile();
+  }
+
+  delete(token: string): void {
+    delete this.tokens[token];
+    this.saveToFile();
+  }
+
+  getAll(): { [tokenKey: string]: SmapiToken } {
+    return this.tokens;
+  }
+
+  cleanupExpired(smapiAuthTokens: SmapiAuthTokens): number {
+    const tokenKeys = Object.keys(this.tokens);
+    let deletedCount = 0;
+
+    for (const tokenKey of tokenKeys) {
+      const smapiToken = this.tokens[tokenKey];
+      if (smapiToken) {
+        const verifyResult = smapiAuthTokens.verify(smapiToken);
+        // Only delete if token verification fails with InvalidTokenError
+        // Do NOT delete ExpiredTokenError as those can still be refreshed
+        if (E.isLeft(verifyResult)) {
+          const error = verifyResult.left;
+          // Only delete invalid tokens, not expired ones (which can be refreshed)
+          if (error._tag === 'InvalidTokenError') {
+            logger.debug(`Deleting invalid token from file store`);
+            delete this.tokens[tokenKey];
+            deletedCount++;
+          }
+        }
+      }
+    }
+
+    if (deletedCount > 0) {
+      logger.info(`Cleaned up ${deletedCount} invalid token(s) from file store`);
+      this.saveToFile();
+    }
+
+    return deletedCount;
+  }
+}

src/subsonic.ts

@@ -638,8 +638,14 @@ export class SubsonicMusicLibrary implements MusicLibrary {
           id,
           submission: true,
         })
-        .then((_) => true)
+        .then((_) => {
-        .catch(() => false)
+          logger.debug(`Successfully scrobbled track ${id}`);
+          return true;
+        })
+        .catch((e) => {
+          logger.error(`Failed to scrobble track ${id}`, { error: e });
+          return false;
+        })
 
     nowPlaying = async (id: string) =>
         this.subsonic
@@ -647,8 +653,14 @@ export class SubsonicMusicLibrary implements MusicLibrary {
             id,
             submission: false,
           })
-          .then((_) => true)
+          .then((_) => {
-          .catch(() => false)
+            logger.debug(`Successfully reported now playing for track ${id}`);
+            return true;
+          })
+          .catch((e) => {
+            logger.error(`Failed to report now playing for track ${id}`, { error: e });
+            return false;
+          })
 
     searchArtists = async (query: string) =>
         this.subsonic
@@ -681,7 +693,7 @@ export class SubsonicMusicLibrary implements MusicLibrary {
     playlists = async () =>
       this.subsonic
         .getJSON<GetPlaylistsResponse>(this.credentials, "/rest/getPlaylists")
-        .then(({ playlists }) => (playlists.playlist || []).map(asPlayListSummary))
+        .then(({ playlists }) => (playlists?.playlist || []).map(asPlayListSummary))
 
     playlist = async (id: string) =>
       this.subsonic

tests/smapi.test.ts

@@ -984,8 +984,8 @@ describe("wsdl api", () => {
                 });
                 expect(result[0]).toEqual(
                   searchResult({
-                    mediaCollection: tracks.map((it) =>
+                    mediaMetadata: tracks.map((it) =>
-                      album(bonobUrlWithAccessToken, it.album)
+                      track(bonobUrlWithAccessToken, it)
                     ),
                     index: 0,
                     total: 2,