Playlist update again

.github/workflows/ci.yml

@@ -47,21 +47,19 @@ jobs:
       -
         name: Docker meta
         id: meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
           images: |
             simojenki/bonob
             ghcr.io/simojenki/bonob
       -
         name: Login to DockerHub
-        if: github.event_name != 'pull_request'
         uses: docker/login-action@v2
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
       -
         name: Log in to GitHub Container registry
-        if: github.event_name != 'pull_request'
         uses: docker/login-action@v2
         with:
           registry: ghcr.io
@@ -69,10 +67,10 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
       -
         name: Push image
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v6
         with:
           context: .
           platforms: linux/amd64,linux/arm/v7,linux/arm64
-          push: ${{ github.event_name != 'pull_request' }}
+          push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}

.gitignore

@@ -10,4 +10,7 @@ node_modules
 !.yarn/plugins
 !.yarn/sdks
 !.yarn/versions
-.pnp.*
+.pnp.*
+log.txt
+navidrome.txt
+bonob.txt

CLAUDE.md

@@ -0,0 +1,187 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## Project Overview
+
+bonob is a Sonos SMAPI (Sonos Music API) implementation that bridges Subsonic API clones (like Navidrome and Gonic) with Sonos devices. It acts as a middleware service that translates between the Subsonic API and Sonos's proprietary music service protocol, allowing users to stream their personal music libraries to Sonos speakers.
+
+## Development Commands
+
+### Building and Running
+```bash
+# Build TypeScript to JavaScript
+npm run build
+
+# Development mode with auto-reload (requires environment variables)
+npm run dev
+# OR with auto-registration
+npm run devr
+
+# Register bonob service with Sonos devices
+npm run register-dev
+```
+
+### Testing
+```bash
+# Run all tests
+npm test
+
+# Run tests in watch mode
+npm run testw
+
+# Set custom test timeout (default: 5000ms)
+JEST_TIMEOUT=10000 npm test
+```
+
+### Environment Variables for Development
+When running locally, you need to set several environment variables:
+- `BNB_DEV_HOST_IP`: Your machine's IP address (so Sonos can reach bonob)
+- `BNB_DEV_SONOS_DEVICE_IP`: IP address of a Sonos device for discovery
+- `BNB_DEV_SUBSONIC_URL`: URL of your Subsonic API server (e.g., Navidrome)
+
+## Architecture
+
+### Core Components
+
+**`src/app.ts`** - Application entry point
+- Reads configuration from environment variables
+- Initializes all services (Subsonic, Sonos, authentication)
+- Wires together the Express server with appropriate dependencies
+- Handles SIGTERM for graceful shutdown
+
+**`src/server.ts`** - Express HTTP server
+- Serves web UI for service registration and login
+- Handles music streaming (`/stream/track/:id`)
+- Generates icons and cover art (`/icon/...`, `/art/...`)
+- Serves Sonos-specific XML files (strings, presentation map)
+- Binds SOAP service for Sonos SMAPI communication
+
+**`src/smapi.ts`** - Sonos SMAPI SOAP implementation (1200+ lines)
+- Implements the Sonos Music API Protocol via SOAP/XML
+- Core operations: `getMetadata`, `getMediaURI`, `search`, `getExtendedMetadata`
+- Handles authentication flow with link codes and device auth tokens
+- Manages token refresh and session management
+- Maps music library concepts to Sonos browse hierarchy
+
+**`src/subsonic.ts`** - Subsonic API client
+- Implements `MusicService` and `MusicLibrary` interfaces
+- Handles authentication with Subsonic servers using token-based auth
+- Translates between Subsonic data models and bonob's domain types
+- Supports custom player configurations for transcoding
+- Special handling for Navidrome (bearer token authentication)
+- Implements artist image fetching with optional caching
+
+**`src/music_service.ts`** - Core domain types and interfaces
+- Defines `MusicService` interface (auth and login)
+- Defines `MusicLibrary` interface (browsing, search, streaming, rating, scrobbling)
+- Domain types: `Artist`, `Album`, `Track`, `Playlist`, `Genre`, `Rating`, etc.
+- Uses `fp-ts` for functional programming patterns (`TaskEither`, `Option`, `Either`)
+
+**`src/sonos.ts`** - Sonos device discovery and registration
+- Discovers Sonos devices on the network using SSDP/UPnP
+- Registers/unregisters bonob as a music service with Sonos systems
+- Supports both auto-discovery and seed-host based discovery
+- Uses `@svrooij/sonos` library for device communication
+
+**`src/smapi_auth.ts`** - Authentication token management
+- Implements JWT-based SMAPI tokens (token + key pairs)
+- Handles token verification and expiry
+- Token refresh flow using `fp-ts` `TaskEither`
+
+**`src/config.ts`** - Configuration management
+- Reads and validates environment variables (all prefixed with `BNB_`)
+- Legacy environment variable support (BONOB_ prefix)
+- Type-safe configuration with defaults
+
+### Key Abstractions
+
+**BUrn (Bonob URN)** - Resource identifier system (`src/burn.ts`)
+- Format: `{ system: string, resource: string }`
+- Systems: `subsonic` (for cover art), `external` (for URLs like Spotify images)
+- Used for abstracting art/image sources across different backends
+
+**URL Builder** (`src/url_builder.ts`)
+- Wraps URL manipulation with a builder pattern
+- Handles context path for reverse proxy deployments
+- Used throughout for generating URLs that Sonos devices can access
+
+**Custom Players** (`src/subsonic.ts`)
+- Allows mime-type specific transcoding configurations
+- Maps source mime types to transcoded types
+- Creates custom "client" names in Subsonic (e.g., "bonob+audio/flac")
+- Example: `BNB_SUBSONIC_CUSTOM_CLIENTS="audio/flac>audio/mp3"`
+
+### Data Flow
+
+1. **Sonos App Request** → SOAP endpoint (`/ws/sonos`)
+2. **SOAP Service** → Verifies auth token, calls `MusicLibrary` methods
+3. **MusicLibrary** → Makes Subsonic API calls, transforms data
+4. **SOAP Response** → Returns XML formatted for Sonos
+
+For streaming:
+1. **Sonos Device** → `GET /stream/track/:id` with custom headers (bnbt, bnbk)
+2. **Stream Handler** → Verifies token, calls `MusicLibrary.stream()`
+3. **Subsonic Stream** → Proxies audio with proper mime-type handling
+4. **Response** → Streams audio to Sonos, reports "now playing"
+
+### Icon System (`src/icon.ts`)
+- SVG-based icon generation with dynamic colors
+- Supports foreground/background color customization via `BNB_ICON_FOREGROUND_COLOR` and `BNB_ICON_BACKGROUND_COLOR`
+- Genre-specific icons
+- Text overlay support (e.g., year icons like "1984")
+- Holiday/festival decorations (auto-applied based on date)
+- Legacy mode: renders to 80x80 PNG for older Sonos systems
+
+### Authentication Flow
+1. Sonos app requests link code via `getAppLink()`
+2. User visits login URL with link code
+3. User enters Subsonic credentials
+4. bonob validates with Subsonic, generates service token
+5. bonob associates link code with service token
+6. Sonos polls `getDeviceAuthToken()` with link code
+7. bonob returns SMAPI token (JWT) to Sonos
+8. Subsequent requests use SMAPI token, which maps to service token
+
+### Testing Philosophy
+- Jest with ts-jest preset
+- In-memory implementations for `LinkCodes`, `APITokens` for testing
+- Mocking with `ts-mockito`
+- Test helpers in `tests/` directory
+- Console.log suppressed in tests (see `tests/setup.js`)
+
+## Common Patterns
+
+### Error Handling
+- Use `fp-ts` `TaskEither<AuthFailure, T>` for async operations that can fail with auth errors
+- SOAP faults for Sonos-specific errors (see SMAPI_FAULT_* constants)
+- Promise-based error handling with `.catch()` for most async operations
+
+### Type Safety
+- Strict TypeScript (`strict: true`, `noImplicitAny: true`, `noUncheckedIndexedAccess: true`)
+- Extensive use of discriminated unions
+- Interface-based design for pluggable services
+
+### Logging
+- Winston-based logger (`src/logger.ts`)
+- Log level controlled by `BNB_LOG_LEVEL`
+- Request logging optional via `BNB_SERVER_LOG_REQUESTS`
+
+### Functional Programming
+- Heavy use of `fp-ts` for `Option`, `Either`, `TaskEither`
+- Pipe-based composition (`pipe(data, fn1, fn2, ...)`)
+- Immutable data transformations
+
+## File Organization
+- `src/` - TypeScript source code
+- `tests/` - Jest test files (mirrors src/ structure)
+- `build/` - Compiled JavaScript (gitignored)
+- `web/` - HTML templates (Eta templating) and static assets
+- `typings/` - Custom TypeScript definitions
+
+## Important Constraints
+- bonob must be accessible from Sonos devices at `BNB_URL`
+- `BNB_URL` cannot contain "localhost" (validation error)
+- Sonos requires specific XML formats (SMAPI WSDL v1.19.6)
+- Streaming must handle HTTP range requests for seek functionality
+- Token lifetime (`BNB_AUTH_TIMEOUT`) should be less than Subsonic session timeout

DOCUMENTATION.md

@@ -0,0 +1,91 @@
+# Bonob Source Code Documentation
+
+This document provides an overview of the source files in the `src` directory, explaining the purpose and functionality of each.
+
+### `api_tokens.ts`
+
+Manages API tokens for authentication. It includes an in-memory implementation for storing and retrieving tokens, using SHA256 to mint new tokens.
+
+### `app.ts`
+
+This is the main entry point of the application. It initializes the server, configures the music service (Subsonic), and sets up the integration with Sonos. It reads the application config, sets up the Subsonic connection, and starts the Express server.
+
+### `b64.ts`
+
+Provides simple utility functions for Base64 encoding and decoding of strings.
+
+### `burn.ts`
+
+Handles the creation and parsing of "Bonob URNs" (BURNs), which are unique resource identifiers used within the system. It supports encryption and shorthand notations for more compact URNs.
+
+### `clock.ts`
+
+Provides an abstraction for time-related functions, which is useful for testing. It includes a `SystemClock` that uses the actual system time and a `FixedClock` for tests. It also contains logic for detecting special dates like Christmas and Halloween for seasonal features.
+
+### `config.ts`
+
+Manages the application's configuration by reading environment variables. It defines settings for the server, Sonos integration, Subsonic connection, and other features like scrobbling.
+
+### `encryption.ts`
+
+Implements encryption and decryption functionality using JSON Web Signatures (JWS). It provides a simple interface for encrypting and decrypting strings.
+
+### `i8n.ts`
+
+Handles internationalization (i18n) by providing translations for different languages supported by the Sonos app. It includes translations for UI elements and messages.
+
+### `icon.ts`
+
+Manages SVG icons used in the Sonos app. It allows for transformations like changing colors and applying special styles for festivals and holidays.
+
+### `link_codes.ts`
+
+Implements a system for linking Sonos devices with user accounts. It generates temporary codes that users can use to log in and associate their accounts.
+
+### `logger.ts`
+
+Configures the application-wide logger using Winston. It sets up logging levels and formats.
+
+### `music_service.ts`
+
+Defines the interfaces for a generic music service. This includes methods for authentication, browsing content (artists, albums, tracks), streaming audio, and managing playlists.
+
+### `register.ts`
+
+A command-line script used to register the Bonob service with Sonos devices on the local network.
+
+### `registrar.ts`
+
+Contains the core logic for registering the Bonob service with Sonos devices. It fetches service details from the Bonob server and sends the registration request to a Sonos device.
+
+### `server.ts`
+
+Sets up the Express web server. It defines the routes for the web interface, the Sonos Music API (SMAPI) endpoints, and audio streaming. It also handles user authentication and session management.
+
+### `smapi_auth.ts`
+
+Handles authentication for the Sonos Music API (SMAPI). It is responsible for issuing and verifying JWTs (JSON Web Tokens) that secure the communication between Sonos devices and the Bonob server.
+
+### `smapi_token_store.ts`
+
+Provides an interface and two implementations (in-memory and file-based) for storing SMAPI authentication tokens. This allows the server to persist user sessions.
+
+### `smapi.ts`
+
+Implements the Sonos Music API (SMAPI) using SOAP. This file is responsible for handling all the requests from Sonos devices, such as browsing music, searching, and getting track metadata.
+
+### `sonos.ts`
+
+Manages interactions with Sonos devices on the local network. This includes device discovery and service registration.
+
+### `subsonic.ts`
+
+Implements the `MusicService` interface for Subsonic-compatible media servers (like Navidrome). It handles all communication with the Subsonic API to fetch music data and stream audio.
+
+### `url_builder.ts`
+
+A utility class for building and manipulating URLs in a structured way.
+
+### `utils.ts`
+
+Contains miscellaneous utility functions used throughout the application, such as a function for tidying up XML strings.

Dockerfile

@@ -1,4 +1,4 @@
-FROM node:22-bullseye-slim AS build
+FROM node:22-trixie-slim AS build
 
 WORKDIR /bonob
 
@@ -36,12 +36,12 @@ RUN apt-get update && \
     NODE_ENV=production npm install --omit=dev
 
 
-FROM node:22-bullseye-slim
+FROM node:22-trixie-slim
 
-LABEL   maintainer="simojenki" \
-        org.opencontainers.image.source="https://github.com/simojenki/bonob" \
-        org.opencontainers.image.description="bonob SONOS SMAPI implementation" \
-        org.opencontainers.image.licenses="GPLv3"
+LABEL maintainer="simojenki" \
+      org.opencontainers.image.source="https://github.com/simojenki/bonob" \
+      org.opencontainers.image.description="bonob SONOS SMAPI implementation" \
+      org.opencontainers.image.licenses="GPLv3"
 
 ENV BNB_PORT=4534
 ENV DEBIAN_FRONTEND=noninteractive

UPDATES.md

@@ -0,0 +1,45 @@
+# Updates for SMAPI
+
+Run Bonob on your server.
+
+Bonob now needs a volume to store OAuth Tokens. In the example below that directory is `/var/containers/bonob`. Adapt as needed.
+Also the example below uses a `bonob` user on the system with ID `1210` and group `100`. The directory should be owned by that user.
+
+Example systemd file (`/usr/lib/systemd/system/bonob.service`):
+```
+[Unit]
+Description=bonob Container Service
+Wants=network.target
+After=network-online.target
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=always
+ExecStartPre=-/usr/bin/podman rm -f bonob
+ExecStart=/usr/bin/podman run --rm \
+  --name bonob \
+  --label "io.containers.autoupdate=image" \
+  --user 1210:100 \
+  --env BNB_SONOS_SERVICE_NAME="Navidrome" \
+  --env BNB_PORT=8200 \
+  --env BNB_URL="https://bonob.mydomain.com" \
+  --env BNB_SECRET="Some random string" \
+  --env BNB_SONOS_SERVICE_ID=Your Sonos ID \
+  --env BNB_SUBSONIC_URL=https://music.mydomain.com \
+  --env BNB_ICON_FOREGROUND_COLOR="black" \
+  --env BNB_ICON_BACKGROUND_COLOR="#65d7f4" \
+  --env BNB_SONOS_AUTO_REGISTER=false \
+  --env BNB_SONOS_DEVICE_DISCOVERY=false \
+  --env BNB_LOG_LEVEL="info" \
+  --env TZ="Europe/Vienna" \
+  --volume /var/containers/bonob:/config:Z \
+  --publish 8200:8200 \
+  quay.io/wkulhanek/bonob:latest
+ExecStop=/usr/bin/podman rm -f bonob
+StandardOutput=syslog
+StandardError=syslog
+SyslogIdentifier=bonob
+
+[Install]
+WantedBy=multi-user.target default.target
+```

package-lock.json

@@ -22,6 +22,7 @@
         "@types/xmldom": "^0.1.34",
         "@xmldom/xmldom": "^0.9.7",
         "axios": "^1.7.8",
+        "better-sqlite3": "^12.4.1",
         "dayjs": "^1.11.13",
         "eta": "^2.2.0",
         "express": "^4.18.3",
@@ -44,6 +45,7 @@
         "xpath": "^0.0.34"
       },
       "devDependencies": {
+        "@types/better-sqlite3": "^7.6.13",
         "@types/chai": "^5.0.1",
         "@types/jest": "^29.5.14",
         "@types/mocha": "^10.0.10",
@@ -1592,6 +1594,16 @@
         "@babel/types": "^7.20.7"
       }
     },
+    "node_modules/@types/better-sqlite3": {
+      "version": "7.6.13",
+      "resolved": "https://registry.npmjs.org/@types/better-sqlite3/-/better-sqlite3-7.6.13.tgz",
+      "integrity": "sha512-NMv9ASNARoKksWtsq/SHakpYAYnhBrQgGD8zkLYk/jaK8jUGn08CfEdTRgYhMypUQAfzSP8W6gNLe0q19/t4VA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/node": "*"
+      }
+    },
     "node_modules/@types/body-parser": {
       "version": "1.19.5",
       "resolved": "https://registry.npmjs.org/@types/body-parser/-/body-parser-1.19.5.tgz",
@@ -2178,6 +2190,26 @@
       "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==",
       "dev": true
     },
+    "node_modules/base64-js": {
+      "version": "1.5.1",
+      "resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.5.1.tgz",
+      "integrity": "sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/feross"
+        },
+        {
+          "type": "patreon",
+          "url": "https://www.patreon.com/feross"
+        },
+        {
+          "type": "consulting",
+          "url": "https://feross.org/support"
+        }
+      ],
+      "license": "MIT"
+    },
     "node_modules/basic-auth": {
       "version": "2.0.1",
       "resolved": "https://registry.npmjs.org/basic-auth/-/basic-auth-2.0.1.tgz",
@@ -2194,6 +2226,20 @@
       "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
       "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
     },
+    "node_modules/better-sqlite3": {
+      "version": "12.4.1",
+      "resolved": "https://registry.npmjs.org/better-sqlite3/-/better-sqlite3-12.4.1.tgz",
+      "integrity": "sha512-3yVdyZhklTiNrtg+4WqHpJpFDd+WHTg2oM7UcR80GqL05AOV0xEJzc6qNvFYoEtE+hRp1n9MpN6/+4yhlGkDXQ==",
+      "hasInstallScript": true,
+      "license": "MIT",
+      "dependencies": {
+        "bindings": "^1.5.0",
+        "prebuild-install": "^7.1.1"
+      },
+      "engines": {
+        "node": "20.x || 22.x || 23.x || 24.x"
+      }
+    },
     "node_modules/binary-extensions": {
       "version": "2.2.0",
       "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.2.0.tgz",
@@ -2203,6 +2249,26 @@
         "node": ">=8"
       }
     },
+    "node_modules/bindings": {
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/bindings/-/bindings-1.5.0.tgz",
+      "integrity": "sha512-p2q/t/mhvuOj/UeLlV6566GD/guowlr0hHxClI0W9m7MWYkL1F0hLo+0Aexs9HSPCtR1SXQ0TD3MMKrXZajbiQ==",
+      "license": "MIT",
+      "dependencies": {
+        "file-uri-to-path": "1.0.0"
+      }
+    },
+    "node_modules/bl": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/bl/-/bl-4.1.0.tgz",
+      "integrity": "sha512-1W07cM9gS6DcLperZfFSj+bWLtaPGSOHWhPiGzXmvVJbRLdG82sH/Kn8EtW1VqWVA54AKf2h5k5BbnIbwF3h6w==",
+      "license": "MIT",
+      "dependencies": {
+        "buffer": "^5.5.0",
+        "inherits": "^2.0.4",
+        "readable-stream": "^3.4.0"
+      }
+    },
     "node_modules/blob-util": {
       "version": "2.0.2",
       "resolved": "https://registry.npmjs.org/blob-util/-/blob-util-2.0.2.tgz",
@@ -2328,6 +2394,30 @@
         "node-int64": "^0.4.0"
       }
     },
+    "node_modules/buffer": {
+      "version": "5.7.1",
+      "resolved": "https://registry.npmjs.org/buffer/-/buffer-5.7.1.tgz",
+      "integrity": "sha512-EHcyIPBQ4BSGlvjB16k5KgAJ27CIsHY/2JBmCRReo48y9rQ3MaUzWX3KVlBa4U7MyX02HdVj0K7C3WaB3ju7FQ==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/feross"
+        },
+        {
+          "type": "patreon",
+          "url": "https://www.patreon.com/feross"
+        },
+        {
+          "type": "consulting",
+          "url": "https://feross.org/support"
+        }
+      ],
+      "license": "MIT",
+      "dependencies": {
+        "base64-js": "^1.3.1",
+        "ieee754": "^1.1.13"
+      }
+    },
     "node_modules/buffer-equal-constant-time": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz",
@@ -2490,6 +2580,12 @@
         "fsevents": "~2.3.2"
       }
     },
+    "node_modules/chownr": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/chownr/-/chownr-1.1.4.tgz",
+      "integrity": "sha512-jJ0bqzaylmJtVnNgzTeSOs8DPavpbYgEr/b0YL8/2GO3xJEhInFmhKMUnEJQjZumK7KXGFhUy89PrsJWlakBVg==",
+      "license": "ISC"
+    },
     "node_modules/ci-info": {
       "version": "3.9.0",
       "resolved": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz",
@@ -2772,6 +2868,21 @@
         }
       }
     },
+    "node_modules/decompress-response": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/decompress-response/-/decompress-response-6.0.0.tgz",
+      "integrity": "sha512-aW35yZM6Bb/4oJlZncMH2LCoZtJXTRxES17vE3hoRiowU2kWHaJKFkSBDnDR+cm9J+9QhXmREyIfv0pji9ejCQ==",
+      "license": "MIT",
+      "dependencies": {
+        "mimic-response": "^3.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
     "node_modules/dedent": {
       "version": "1.5.1",
       "resolved": "https://registry.npmjs.org/dedent/-/dedent-1.5.1.tgz",
@@ -2795,6 +2906,15 @@
         "node": ">=6"
       }
     },
+    "node_modules/deep-extend": {
+      "version": "0.6.0",
+      "resolved": "https://registry.npmjs.org/deep-extend/-/deep-extend-0.6.0.tgz",
+      "integrity": "sha512-LOHxIOaPYdHlJRtCQfDIVZtfw/ufM8+rVj649RIHzcm/vGwQRXFt6OPqIFWsm2XEMrNIEtWR64sY1LEKD2vAOA==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=4.0.0"
+      }
+    },
     "node_modules/deepmerge": {
       "version": "4.3.1",
       "resolved": "https://registry.npmjs.org/deepmerge/-/deepmerge-4.3.1.tgz",
@@ -3024,29 +3144,13 @@
         "node": ">= 0.8"
       }
     },
-    "node_modules/encoding": {
-      "version": "0.1.13",
-      "resolved": "https://registry.npmjs.org/encoding/-/encoding-0.1.13.tgz",
-      "integrity": "sha512-ETBauow1T35Y/WZMkio9jiM0Z5xjHHmJ4XmjZOq1l/dXz3lr2sRn87nJy20RupqSh1F2m3HHPSp8ShIPQJrJ3A==",
+    "node_modules/end-of-stream": {
+      "version": "1.4.5",
+      "resolved": "https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.5.tgz",
+      "integrity": "sha512-ooEGc6HP26xXq/N+GCGOT0JKCLDGrq2bQUZrQ7gyrJiZANJ/8YDTxTpQBXGMn+WbIQXNVpyWymm7KYVICQnyOg==",
       "license": "MIT",
-      "optional": true,
-      "peer": true,
       "dependencies": {
-        "iconv-lite": "^0.6.2"
-      }
-    },
-    "node_modules/encoding/node_modules/iconv-lite": {
-      "version": "0.6.3",
-      "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.6.3.tgz",
-      "integrity": "sha512-4fCk79wshMdzMp2rH06qWrJE4iolqLhCUH+OiuIgU++RB0+94NlDL81atO7GX55uUKueo0txHNtvEyI6D7WdMw==",
-      "license": "MIT",
-      "optional": true,
-      "peer": true,
-      "dependencies": {
-        "safer-buffer": ">= 2.1.2 < 3.0.0"
-      },
-      "engines": {
-        "node": ">=0.10.0"
+        "once": "^1.4.0"
       }
     },
     "node_modules/entities": {
@@ -3180,6 +3284,15 @@
         "node": ">= 0.8.0"
       }
     },
+    "node_modules/expand-template": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/expand-template/-/expand-template-2.0.3.tgz",
+      "integrity": "sha512-XYfuKMvj4O35f/pOXLObndIRvyQ+/+6AhODh+OKWj9S9498pHHn/IMszH+gt0fBCRWMNfk1ZSp5x3AifmnI2vg==",
+      "license": "(MIT OR WTFPL)",
+      "engines": {
+        "node": ">=6"
+      }
+    },
     "node_modules/expect": {
       "version": "29.7.0",
       "resolved": "https://registry.npmjs.org/expect/-/expect-29.7.0.tgz",
@@ -3345,6 +3458,12 @@
         "node": ">=6"
       }
     },
+    "node_modules/file-uri-to-path": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/file-uri-to-path/-/file-uri-to-path-1.0.0.tgz",
+      "integrity": "sha512-0Zt+s3L7Vf1biwWZ29aARiVYLx7iMGnEUl9x33fbB/j3jR81u/O2LbqK+Bm1CDSNDKVtJ/YjwY7TUd5SkeLQLw==",
+      "license": "MIT"
+    },
     "node_modules/filelist": {
       "version": "1.0.4",
       "resolved": "https://registry.npmjs.org/filelist/-/filelist-1.0.4.tgz",
@@ -3510,6 +3629,12 @@
         "node": ">= 0.6"
       }
     },
+    "node_modules/fs-constants": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/fs-constants/-/fs-constants-1.0.0.tgz",
+      "integrity": "sha512-y6OAwoSIf7FyjMIv94u+b5rdheZEjzR63GTyZJm5qh4Bi+2YgwLCcI/fPFZkL5PSixOt6ZNKm+w+Hfp/Bciwow==",
+      "license": "MIT"
+    },
     "node_modules/fs-extra": {
       "version": "11.2.0",
       "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-11.2.0.tgz",
@@ -3630,6 +3755,12 @@
         "url": "https://github.com/sponsors/sindresorhus"
       }
     },
+    "node_modules/github-from-package": {
+      "version": "0.0.0",
+      "resolved": "https://registry.npmjs.org/github-from-package/-/github-from-package-0.0.0.tgz",
+      "integrity": "sha512-SyHy3T1v2NUXn29OsWdxmK6RwHD+vkj3v8en8AOBZ1wBQ/hCAQ5bAQTD02kW4W9tUp/3Qh6J8r9EvntiyCmOOw==",
+      "license": "MIT"
+    },
     "node_modules/glob": {
       "version": "7.2.3",
       "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz",
@@ -3824,6 +3955,26 @@
         "node": ">=0.10.0"
       }
     },
+    "node_modules/ieee754": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.2.1.tgz",
+      "integrity": "sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/feross"
+        },
+        {
+          "type": "patreon",
+          "url": "https://www.patreon.com/feross"
+        },
+        {
+          "type": "consulting",
+          "url": "https://feross.org/support"
+        }
+      ],
+      "license": "BSD-3-Clause"
+    },
     "node_modules/ignore-by-default": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/ignore-by-default/-/ignore-by-default-1.0.1.tgz",
@@ -3922,6 +4073,12 @@
       "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
       "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ=="
     },
+    "node_modules/ini": {
+      "version": "1.3.8",
+      "resolved": "https://registry.npmjs.org/ini/-/ini-1.3.8.tgz",
+      "integrity": "sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew==",
+      "license": "ISC"
+    },
     "node_modules/iobuffer": {
       "version": "5.3.2",
       "resolved": "https://registry.npmjs.org/iobuffer/-/iobuffer-5.3.2.tgz",
@@ -5218,6 +5375,18 @@
         "node": ">=6"
       }
     },
+    "node_modules/mimic-response": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/mimic-response/-/mimic-response-3.1.0.tgz",
+      "integrity": "sha512-z0yWI+4FDrrweS8Zmt4Ej5HdJmky15+L2e6Wgn3+iK5fWzb6T3fhNFq2+MeTRb064c6Wr4N/wv0DzQTjNzHNGQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
     "node_modules/minimalistic-assert": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/minimalistic-assert/-/minimalistic-assert-1.0.1.tgz",
@@ -5235,6 +5404,21 @@
         "node": "*"
       }
     },
+    "node_modules/minimist": {
+      "version": "1.2.8",
+      "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz",
+      "integrity": "sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==",
+      "license": "MIT",
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/mkdirp-classic": {
+      "version": "0.5.3",
+      "resolved": "https://registry.npmjs.org/mkdirp-classic/-/mkdirp-classic-0.5.3.tgz",
+      "integrity": "sha512-gKLcREMhtuZRwRAfqP3RFW+TK4JqApVBtOIftVgjuABpAtpxhPGaDcfvbhNvD0B8iD1oUr/txX35NjcaY6Ns/A==",
+      "license": "MIT"
+    },
     "node_modules/ml-array-max": {
       "version": "1.2.4",
       "resolved": "https://registry.npmjs.org/ml-array-max/-/ml-array-max-1.2.4.tgz",
@@ -5507,6 +5691,12 @@
       "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
       "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w=="
     },
+    "node_modules/napi-build-utils": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/napi-build-utils/-/napi-build-utils-2.0.0.tgz",
+      "integrity": "sha512-GEbrYkbfF7MoNaoh2iGG84Mnf/WZfB0GdGEsM8wz7Expx/LlWf5U8t9nvJKXSp3qr5IsEbK04cBGhol/KwOsWA==",
+      "license": "MIT"
+    },
     "node_modules/natural-compare": {
       "version": "1.4.0",
       "resolved": "https://registry.npmjs.org/natural-compare/-/natural-compare-1.4.0.tgz",
@@ -5533,6 +5723,30 @@
       "integrity": "sha512-+z6QY1SxkDk6CQJAeaIZKmcNubBCRP7J8DMQUBglz/sSkNsZoJ1kULjqk9skNPPplzs4i9PFhYrvNDdtQleF/A==",
       "dev": true
     },
+    "node_modules/node-abi": {
+      "version": "3.78.0",
+      "resolved": "https://registry.npmjs.org/node-abi/-/node-abi-3.78.0.tgz",
+      "integrity": "sha512-E2wEyrgX/CqvicaQYU3Ze1PFGjc4QYPGsjUrlYkqAE0WjHEZwgOsGMPMzkMse4LjJbDmaEuDX3CM036j5K2DSQ==",
+      "license": "MIT",
+      "dependencies": {
+        "semver": "^7.3.5"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/node-abi/node_modules/semver": {
+      "version": "7.7.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.3.tgz",
+      "integrity": "sha512-SdsKMrI9TdgjdweUSR9MweHA4EJ8YxHn8DFaDisvhVlUOe4BF1tLD7GAj0lIqWVl+dPb/rExr0Btby5loQm20Q==",
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
     "node_modules/node-fetch": {
       "version": "2.7.0",
       "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.7.0.tgz",
@@ -5923,6 +6137,32 @@
         "node": ">=8"
       }
     },
+    "node_modules/prebuild-install": {
+      "version": "7.1.3",
+      "resolved": "https://registry.npmjs.org/prebuild-install/-/prebuild-install-7.1.3.tgz",
+      "integrity": "sha512-8Mf2cbV7x1cXPUILADGI3wuhfqWvtiLA1iclTDbFRZkgRQS0NqsPZphna9V+HyTEadheuPmjaJMsbzKQFOzLug==",
+      "license": "MIT",
+      "dependencies": {
+        "detect-libc": "^2.0.0",
+        "expand-template": "^2.0.3",
+        "github-from-package": "0.0.0",
+        "minimist": "^1.2.3",
+        "mkdirp-classic": "^0.5.3",
+        "napi-build-utils": "^2.0.0",
+        "node-abi": "^3.3.0",
+        "pump": "^3.0.0",
+        "rc": "^1.2.7",
+        "simple-get": "^4.0.0",
+        "tar-fs": "^2.0.0",
+        "tunnel-agent": "^0.6.0"
+      },
+      "bin": {
+        "prebuild-install": "bin.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
     "node_modules/pretty-format": {
       "version": "29.7.0",
       "resolved": "https://registry.npmjs.org/pretty-format/-/pretty-format-29.7.0.tgz",
@@ -5985,6 +6225,16 @@
       "integrity": "sha512-77DZwxQmxKnu3aR542U+X8FypNzbfJ+C5XQDk3uWjWxn6151aIMGthWYRXTqT1E5oJvg+ljaa2OJi+VfvCOQ8w==",
       "dev": true
     },
+    "node_modules/pump": {
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/pump/-/pump-3.0.3.tgz",
+      "integrity": "sha512-todwxLMY7/heScKmntwQG8CXVkWUOdYxIvY2s0VWAAMh/nd8SoYiRaKjlr7+iCs984f2P8zvrfWcDDYVb73NfA==",
+      "license": "MIT",
+      "dependencies": {
+        "end-of-stream": "^1.1.0",
+        "once": "^1.3.1"
+      }
+    },
     "node_modules/pure-rand": {
       "version": "6.0.4",
       "resolved": "https://registry.npmjs.org/pure-rand/-/pure-rand-6.0.4.tgz",
@@ -6059,6 +6309,30 @@
         "node": ">= 0.8"
       }
     },
+    "node_modules/rc": {
+      "version": "1.2.8",
+      "resolved": "https://registry.npmjs.org/rc/-/rc-1.2.8.tgz",
+      "integrity": "sha512-y3bGgqKj3QBdxLbLkomlohkvsA8gdAiUQlSBJnBhfn+BPxg4bc62d8TcBW15wavDfgexCgccckhcZvywyQYPOw==",
+      "license": "(BSD-2-Clause OR MIT OR Apache-2.0)",
+      "dependencies": {
+        "deep-extend": "^0.6.0",
+        "ini": "~1.3.0",
+        "minimist": "^1.2.0",
+        "strip-json-comments": "~2.0.1"
+      },
+      "bin": {
+        "rc": "cli.js"
+      }
+    },
+    "node_modules/rc/node_modules/strip-json-comments": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-2.0.1.tgz",
+      "integrity": "sha512-4gB8na07fecVVkOI6Rs4e7T6NOTki5EmL7TUduTs6bu3EdnSycntVJ4re8kgZA+wx9IueI2Y11bfbgwtzuE0KQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
     "node_modules/react-is": {
       "version": "18.2.0",
       "resolved": "https://registry.npmjs.org/react-is/-/react-is-18.2.0.tgz",
@@ -6442,6 +6716,51 @@
       "integrity": "sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==",
       "dev": true
     },
+    "node_modules/simple-concat": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/simple-concat/-/simple-concat-1.0.1.tgz",
+      "integrity": "sha512-cSFtAPtRhljv69IK0hTVZQ+OfE9nePi/rtJmw5UjHeVyVroEqJXP1sFztKUy1qU+xvz3u/sfYJLa947b7nAN2Q==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/feross"
+        },
+        {
+          "type": "patreon",
+          "url": "https://www.patreon.com/feross"
+        },
+        {
+          "type": "consulting",
+          "url": "https://feross.org/support"
+        }
+      ],
+      "license": "MIT"
+    },
+    "node_modules/simple-get": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/simple-get/-/simple-get-4.0.1.tgz",
+      "integrity": "sha512-brv7p5WgH0jmQJr1ZDDfKDOSeWWg+OVypG99A/5vYGPqJ6pxiaHLy8nxtFjBA7oMa01ebA9gfh1uMCFqOuXxvA==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/feross"
+        },
+        {
+          "type": "patreon",
+          "url": "https://www.patreon.com/feross"
+        },
+        {
+          "type": "consulting",
+          "url": "https://feross.org/support"
+        }
+      ],
+      "license": "MIT",
+      "dependencies": {
+        "decompress-response": "^6.0.0",
+        "once": "^1.3.1",
+        "simple-concat": "^1.0.0"
+      }
+    },
     "node_modules/simple-swizzle": {
       "version": "0.2.2",
       "resolved": "https://registry.npmjs.org/simple-swizzle/-/simple-swizzle-0.2.2.tgz",
@@ -6771,6 +7090,34 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
+    "node_modules/tar-fs": {
+      "version": "2.1.4",
+      "resolved": "https://registry.npmjs.org/tar-fs/-/tar-fs-2.1.4.tgz",
+      "integrity": "sha512-mDAjwmZdh7LTT6pNleZ05Yt65HC3E+NiQzl672vQG38jIrehtJk/J3mNwIg+vShQPcLF/LV7CMnDW6vjj6sfYQ==",
+      "license": "MIT",
+      "dependencies": {
+        "chownr": "^1.1.1",
+        "mkdirp-classic": "^0.5.2",
+        "pump": "^3.0.0",
+        "tar-stream": "^2.1.4"
+      }
+    },
+    "node_modules/tar-stream": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/tar-stream/-/tar-stream-2.2.0.tgz",
+      "integrity": "sha512-ujeqbceABgwMZxEJnk2HDY2DlnUZ+9oEcb1KzTVfYHio0UE6dG71n60d8D2I4qNvleWrrXpmjpt7vZeF1LnMZQ==",
+      "license": "MIT",
+      "dependencies": {
+        "bl": "^4.0.3",
+        "end-of-stream": "^1.4.1",
+        "fs-constants": "^1.0.0",
+        "inherits": "^2.0.3",
+        "readable-stream": "^3.1.1"
+      },
+      "engines": {
+        "node": ">=6"
+      }
+    },
     "node_modules/test-exclude": {
       "version": "6.0.0",
       "resolved": "https://registry.npmjs.org/test-exclude/-/test-exclude-6.0.0.tgz",
@@ -7015,6 +7362,18 @@
       "integrity": "sha512-AEYxH93jGFPn/a2iVAwW87VuUIkR1FVUKB77NwMF7nBTDkDrrT/Hpt/IrCJ0QXhW27jTBDcf5ZY7w6RiqTMw2Q==",
       "optional": true
     },
+    "node_modules/tunnel-agent": {
+      "version": "0.6.0",
+      "resolved": "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz",
+      "integrity": "sha512-McnNiV1l8RYeY8tBgEpuodCC1mLUdbSN+CYBL7kJsJNInOP8UjDDEwdk6Mw60vdLLrr5NHKZhMAOSrR2NZuQ+w==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "safe-buffer": "^5.0.1"
+      },
+      "engines": {
+        "node": "*"
+      }
+    },
     "node_modules/two-product": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/two-product/-/two-product-1.0.2.tgz",

package.json

@@ -19,6 +19,7 @@
     "@types/xmldom": "^0.1.34",
     "@xmldom/xmldom": "^0.9.7",
     "axios": "^1.7.8",
+    "better-sqlite3": "^12.4.1",
     "dayjs": "^1.11.13",
     "eta": "^2.2.0",
     "express": "^4.18.3",
@@ -41,6 +42,7 @@
     "xpath": "^0.0.34"
   },
   "devDependencies": {
+    "@types/better-sqlite3": "^7.6.13",
     "@types/chai": "^5.0.1",
     "@types/jest": "^29.5.14",
     "@types/mocha": "^10.0.10",

sonos_service/SONOS_SERVICE.adoc

@@ -0,0 +1,85 @@
+= Setting up Sonos Service
+
+== Prerequisites
+* In your Sonos App get your Sonos ID (About my Sonos System)
++
+image::images/about.png[]
+
+* Navidrome running and available from the Internet. E.g. via https://music.mydomain.com
+* Bonob running and available from the Internet. E.g. via https://bonob.mydomain.com
+
+You can use any method to make these URLs available. Cloudflare Tunnels, Pangolin, reverse proxy, etc.
+
+== Sonos Service Integration
+
+* Log into https://play.sonos.com
+* Once logged in go to https://developer.sonos.com/s/integrations
+
+* Create a *New Content Integration*
+
+** General Information
+*** Service Name: Navidrome
+*** Service Availability: Global
+*** Checkbox checked
+*** Website/Social Media URLs: https://music.mydomain.com (Some URL - e.g. your Navidrome server)
+
+** Sonos Music API
+*** Integration ID: com.mydomain.music (your domain in reverse)
+*** Configuration Label: 1.0
+*** SMAPI Endpoint: https://bonob.mydomain.com/ws/sonos
+*** SMAPI Endpoint Version: 1.1
+*** Radio Endpoint: empty
+*** Reporting Endpoint: https://bonob.mydomain.com/report/v1
+*** Reporting Endpoint Version: 2.3
+*** Authentication Method: OAuth
+*** Redirect: https://bonob.mydomain.com/login
+*** Auth Token Time To Life: Empty
+*** Browse/Search Results Page Size: 100
+*** Polling Interval: 60
+
+** Brand Assets
+
+*** Just upload the various assets from the `sonos_artwork` directory.
+
+** Localization Resources
+
+*** Write something about your service in the various fields (except Explicit Filter Description).
+
+** Integration Capabilities
+
+*** Check the first two (*Enable Extended Metadata* and *Enable Extended Metadata for Playlists*) and nothing else.
+
+** Image Replacement Rules
+
+*** No changes
+
+** Browse Options
+
+*** No changes
+
+** Search Capabilities
+
+*** API Catalog Type: SMAPI Catalog
+*** Catalog Title: Music
+*** Catalog Type: GLOBAL
+
+*** Add Three Categories with ID and Mapped ID:
++
+Albums - albums
+Artists - artists
+Tracks - tracks
+
+** Content Actions
+
+*** No changes
+
+** Service Deployment Settings
+
+*** Sonos ID: Your Sonos ID (from About my system). This is how only your controller sees the new service.
+*** System Name: Whatever you want
+
+** Service Configuration
+
+*** Click on *Refresh* and then *Send*. You should get a success message that you can dismiss with *Done*.
+
+* In your app search for your service name and add Service in your app as usual.

sonos_service/sonos_artwork/service_logo_200x800.svg

@@ -0,0 +1,18 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="800" height="200" viewBox="0 0 800 200" role="img" aria-labelledby="title desc">
+  <title id="title">Bonob Subsonic Logo</title>
+  <desc id="desc">A blue music-note icon with family dots on the left, followed by stacked text Bonob Navidrome in blue.</desc>
+
+  <!-- Icon (scaled and positioned) -->
+  <g transform="translate(20,20) scale(4)">
+    <rect x="0" y="0" width="40" height="40" rx="6" ry="6" fill="#1976d2"/>
+    <circle cx="11.5" cy="15.5" r="1.6" fill="#ffffff"/>
+    <circle cx="11.5" cy="22.5" r="1.6" fill="#ffffff"/>
+    <circle cx="22" cy="26" r="4" fill="#ffffff"/>
+    <rect x="24" y="10" width="1.6" height="16" rx="0.8" fill="#ffffff"/>
+    <path d="M25.6 11.2 C29.0 10.6 30.2 13.6 27.4 14.6 C29.2 15.4 27.6 16.6 25.6 15.8 Z" fill="#ffffff"/>
+  </g>
+
+  <!-- Text stacked in two lines -->
+  <text x="240" y="90" font-family="Arial, Helvetica, sans-serif" font-size="80" fill="#1976d2">Bonob</text>
+  <text x="240" y="160" font-family="Arial, Helvetica, sans-serif" font-size="80" fill="#1976d2">Navidrome</text>
+</svg>

sonos_service/sonos_artwork/service_logo_20x180.svg

@@ -0,0 +1,19 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="180" height="20" viewBox="0 0 180 20" role="img" aria-labelledby="title desc">
+  <title id="title">Bonob Subsonic Logo</title>
+  <desc id="desc">A blue music-note icon with family dots, followed by the text Bonob Subsonic in blue.</desc>
+
+  <!-- Icon scaled down to fit height -->
+  <g transform="scale(0.45) translate(0,0)">
+    <rect x="0" y="0" width="40" height="40" rx="6" ry="6" fill="#1976d2"/>
+    <circle cx="11.5" cy="15.5" r="1.6" fill="#ffffff"/>
+    <circle cx="11.5" cy="22.5" r="1.6" fill="#ffffff"/>
+    <circle cx="22" cy="26" r="4" fill="#ffffff"/>
+    <rect x="24" y="10" width="1.6" height="16" rx="0.8" fill="#ffffff"/>
+    <path d="M25.6 11.2 C29.0 10.6 30.2 13.6 27.4 14.6 C29.2 15.4 27.6 16.6 25.6 15.8 Z" fill="#ffffff"/>
+  </g>
+
+  <!-- Text -->
+  <text x="28" y="15" font-family="Arial, Helvetica, sans-serif" font-size="12" fill="#1976d2">
+    Bonob Subsonic
+  </text>
+</svg>

sonos_service/sonos_artwork/service_logo_40x40.svg

@@ -0,0 +1,20 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="40" height="40" viewBox="0 0 40 40" role="img" aria-labelledby="title desc">
+  <title id="title">Bonob Navidrome Music Server</title>
+  <desc id="desc">Blue rounded square with a white music note and two small circles representing family.</desc>
+
+  <!-- Blue rounded background -->
+  <rect x="0" y="0" width="40" height="40" rx="6" ry="6" fill="#1976d2"/>
+
+  <!-- Family dots (simple, symbolic) -->
+  <circle cx="11.5" cy="15.5" r="1.6" fill="#ffffff"/>
+  <circle cx="11.5" cy="22.5" r="1.6" fill="#ffffff"/>
+
+  <!-- Note head -->
+  <circle cx="22" cy="26" r="4" fill="#ffffff"/>
+
+  <!-- Note stem -->
+  <rect x="24" y="10" width="1.6" height="16" rx="0.8" fill="#ffffff"/>
+
+  <!-- Note flag (simple, filled shape) -->
+  <path d="M25.6 11.2 C29.0 10.6 30.2 13.6 27.4 14.6 C29.2 15.4 27.6 16.6 25.6 15.8 Z" fill="#ffffff"/>
+</svg>

src/app.ts

@@ -18,6 +18,7 @@ import sonos, { bonobService } from "./sonos";
 import { MusicService } from "./music_service";
 import { SystemClock } from "./clock";
 import { JWTSmapiLoginTokens } from "./smapi_auth";
+import { SQLiteSmapiTokenStore } from "./smapi_token_store";
 
 const config = readConfig();
 const clock = SystemClock;
@@ -81,6 +82,16 @@ const version = fs.existsSync(GIT_INFO)
   ? fs.readFileSync(GIT_INFO).toString().trim()
   : "v??";
 
+// Initialize SQLite token store
+const smapiTokenStore = new SQLiteSmapiTokenStore(config.tokenStore.dbPath);
+
+// Migrate existing JSON tokens if they exist
+const legacyJsonPath = "/config/tokens.json";
+if (fs.existsSync(legacyJsonPath)) {
+  logger.info(`Found legacy JSON token file at ${legacyJsonPath}, attempting migration...`);
+  smapiTokenStore.migrateFromJSON(legacyJsonPath);
+}
+
 const app = server(
   sonosSystem,
   bonob,
@@ -95,7 +106,9 @@ const app = server(
     logRequests: config.logRequests,
     version,
     smapiAuthTokens: new JWTSmapiLoginTokens(clock, config.secret, config.authTimeout),
-    externalImageResolver: artistImageFetcher
+    externalImageResolver: artistImageFetcher,
+    smapiTokenStore,
+    tokenCleanupIntervalMinutes: config.tokenStore.cleanupIntervalMinutes
   }
 );
 
@@ -124,6 +137,7 @@ process.on('SIGTERM', () => {
   expressServer.close(() => {
     logger.info('HTTP server closed');
   });
+  smapiTokenStore.close();
   process.exit(0);
 });
 

src/config.ts

@@ -105,5 +105,9 @@ export default function () {
     scrobbleTracks: bnbEnvVar<boolean>("SCROBBLE_TRACKS", { default: true, parser: asBoolean }),
     reportNowPlaying:
       bnbEnvVar<boolean>("REPORT_NOW_PLAYING", { default: true, parser: asBoolean }),
+    tokenStore: {
+      dbPath: bnbEnvVar<string>("TOKEN_DB_PATH", { default: "/config/tokens.db" })!,
+      cleanupIntervalMinutes: bnbEnvVar<number>("TOKEN_CLEANUP_INTERVAL", { default: 60, parser: asInt })!,
+    },
   };
 }

src/server.ts

@@ -39,9 +39,29 @@ import {
   JWTSmapiLoginTokens,
   SmapiAuthTokens,
 } from "./smapi_auth";
+import { SmapiTokenStore, InMemorySmapiTokenStore } from "./smapi_token_store";
 
 export const BONOB_ACCESS_TOKEN_HEADER = "bat";
 
+// Session storage for tracking active streams (for scrobbling)
+type StreamSession = {
+  serviceToken: string;
+  trackId: string;
+  timestamp: number;
+};
+
+const streamSessions = new Map<string, StreamSession>();
+
+// Clean up old sessions (older than 1 hour)
+setInterval(() => {
+  const oneHourAgo = Date.now() - (60 * 60 * 1000);
+  for (const [sid, session] of streamSessions.entries()) {
+    if (session.timestamp < oneHourAgo) {
+      streamSessions.delete(sid);
+    }
+  }
+}, 5 * 60 * 1000).unref(); // Run every 5 minutes, but don't prevent process exit
+
 interface RangeFilter extends Transform {
   range: (length: number) => string;
 }
@@ -92,6 +112,8 @@ export type ServerOpts = {
   version: string;
   smapiAuthTokens: SmapiAuthTokens;
   externalImageResolver: ImageFetcher;
+  smapiTokenStore: SmapiTokenStore;
+  tokenCleanupIntervalMinutes: number;
 };
 
 const DEFAULT_SERVER_OPTS: ServerOpts = {
@@ -108,6 +130,8 @@ const DEFAULT_SERVER_OPTS: ServerOpts = {
     "1m"
   ),
   externalImageResolver: axiosImageFetcher,
+  smapiTokenStore: new InMemorySmapiTokenStore(),
+  tokenCleanupIntervalMinutes: 60,
 };
 
 function server(
@@ -133,6 +157,7 @@ function server(
     app.use(morgan("combined"));
   }
   app.use(express.urlencoded({ extended: false }));
+  app.use(express.json());
 
   app.use(express.static(path.resolve(__dirname, "..", "web", "public")));
   app.engine("eta", Eta.renderFile);
@@ -397,6 +422,14 @@ function server(
     if (!serviceToken) {
       return res.status(401).send();
     } else {
+      // Store session for scrobbling later (when Sonos reports playback)
+      streamSessions.set(id, {
+        serviceToken,
+        trackId: id,
+        timestamp: Date.now(),
+      });
+      logger.debug(`Stored stream session for track ${id}`);
+
       return musicService
         .login(serviceToken)
         .then((it) =>
@@ -598,6 +631,113 @@ function server(
       });
   });
 
+  // Sonos Reporting Endpoint for playback analytics
+  app.post("/report/:version/timePlayed", async (req, res) => {
+    const version = req.params["version"];
+    logger.debug(`Received Sonos reporting event (v${version}): ${JSON.stringify(req.body)}`);
+
+    try {
+      // Sonos may send an array of reports or a single report with items array
+      const reports = Array.isArray(req.body) ? req.body : [req.body];
+
+      for (const report of reports) {
+        // Handle both direct report format and items array format
+        const items = report.items || [report];
+
+        for (const item of items) {
+          const {
+            reportId,
+            mediaUrl,
+            durationPlayedMillis,
+            positionMillis,
+            type,
+          } = item;
+
+        // Extract track ID from mediaUrl (format: /stream/track/{id} or x-sonos-http:track%3a{id}.mp3)
+        let trackId: string | undefined;
+
+        if (mediaUrl) {
+          // Try standard URL format first
+          const standardMatch = mediaUrl.match(/\/stream\/track\/([^?]+)/);
+          if (standardMatch) {
+            trackId = standardMatch[1];
+          } else {
+            // Try x-sonos-http format (track%3a{id}.mp3)
+            const sonosMatch = mediaUrl.match(/track%3[aA]([^.?&]+)/);
+            if (sonosMatch) {
+              trackId = sonosMatch[1];
+            }
+          }
+        }
+
+        if (!trackId) {
+          logger.warn(`Could not extract track ID from mediaUrl: ${mediaUrl}, full report: ${JSON.stringify(report)}`);
+          continue; // Skip this report, process next one
+        }
+
+        const durationPlayedSeconds = Math.floor((durationPlayedMillis || 0) / 1000);
+
+        logger.info(
+          `Sonos reporting: type=${type}, trackId=${trackId}, reportId=${reportId}, ` +
+          `durationPlayed=${durationPlayedSeconds}s, position=${positionMillis}ms`
+        );
+
+        // For "final" reports, determine if we should scrobble
+        if (type === "final" && durationPlayedSeconds > 0) {
+          // Retrieve authentication from stream session storage
+          const session = streamSessions.get(trackId!);
+          let serviceToken: string | undefined = session?.serviceToken;
+
+          if (!serviceToken) {
+            // Fallback: try to extract from Authorization header (if present)
+            const authHeader = req.headers["authorization"];
+            if (authHeader && authHeader.startsWith("Bearer ")) {
+              const token = authHeader.substring(7);
+              const smapiToken = serverOpts.smapiTokenStore.get(token);
+              if (smapiToken) {
+                serviceToken = pipe(
+                  smapiAuthTokens.verify({ token, key: smapiToken.key }),
+                  E.getOrElseW(() => undefined)
+                );
+              }
+            }
+          }
+
+          if (serviceToken) {
+            await musicService.login(serviceToken).then((musicLibrary) => {
+              // Get track duration to determine scrobbling threshold
+              return musicLibrary.track(trackId!).then((track) => {
+                const shouldScrobble =
+                  (track.duration < 30 && durationPlayedSeconds >= 10) ||
+                  (track.duration >= 30 && durationPlayedSeconds >= 30);
+
+                if (shouldScrobble) {
+                  logger.info(`Scrobbling track ${trackId} after ${durationPlayedSeconds}s playback`);
+                  return musicLibrary.scrobble(trackId!);
+                } else {
+                  logger.debug(
+                    `Not scrobbling track ${trackId}: duration=${track.duration}s, played=${durationPlayedSeconds}s`
+                  );
+                  return Promise.resolve(false);
+                }
+              });
+            }).catch((e) => {
+              logger.error(`Failed to process scrobble for track ${trackId}`, { error: e });
+            });
+          } else {
+            logger.debug("No authentication available for reporting endpoint scrobble");
+          }
+        }
+        }
+      }
+
+      return res.status(200).json({ status: "ok" });
+    } catch (error) {
+      logger.error("Error processing Sonos reporting event", { error });
+      return res.status(500).json({ status: "error" });
+    }
+  });
+
   bindSmapiSoapServiceToExpress(
     app,
     SOAP_PATH,
@@ -607,7 +747,10 @@ function server(
     apiTokens,
     clock,
     i8n,
-    serverOpts.smapiAuthTokens
+    serverOpts.smapiAuthTokens,
+    serverOpts.smapiTokenStore,
+    serverOpts.logRequests,
+    serverOpts.tokenCleanupIntervalMinutes
   );
 
   if (serverOpts.applyContextPath) {

src/smapi.ts

@@ -36,7 +36,11 @@ import {
   SmapiAuthTokens,
   SMAPI_FAULT_LOGIN_UNAUTHORIZED,
   ToSmapiFault,
+  SmapiToken,
 } from "./smapi_auth";
+import { InvalidTokenError } from "./smapi_auth";
+import { IncomingHttpHeaders } from "http2";
+import { SmapiTokenStore } from "./smapi_token_store";
 
 export const LOGIN_ROUTE = "/login";
 export const CREATE_REGISTRATION_ROUTE = "/registration/add";
@@ -161,17 +165,20 @@ class SonosSoap {
   bonobUrl: URLBuilder;
   smapiAuthTokens: SmapiAuthTokens;
   clock: Clock;
+  tokenStore: SmapiTokenStore;
 
   constructor(
     bonobUrl: URLBuilder,
     linkCodes: LinkCodes,
     smapiAuthTokens: SmapiAuthTokens,
-    clock: Clock
+    clock: Clock,
+    tokenStore: SmapiTokenStore
   ) {
     this.bonobUrl = bonobUrl;
     this.linkCodes = linkCodes;
     this.smapiAuthTokens = smapiAuthTokens;
     this.clock = clock;
+    this.tokenStore = tokenStore;
   }
 
   getAppLink(): GetAppLinkResult {
@@ -193,6 +200,11 @@ class SonosSoap {
     };
   }
 
+  reportAccountAction = (args: any, _headers: any) => {
+    logger.info('Sonos reportAccountAction: ' + JSON.stringify(args));
+    return {};
+  }
+
   getDeviceAuthToken({
     linkCode,
   }: {
@@ -233,6 +245,18 @@ class SonosSoap {
       };
     }
   }
+  getCredentialsForToken(token: string): SmapiToken | undefined {
+    logger.debug("getCredentialsForToken called with: " + token);
+    logger.debug("Current tokens: " + JSON.stringify(this.tokenStore.getAll()));
+    return this.tokenStore.get(token);
+  }
+  associateCredentialsForToken(token: string, fullSmapiToken: SmapiToken, oldToken?:string) {
+    logger.debug("Adding token: " + token + " " + JSON.stringify(fullSmapiToken));
+    if(oldToken) {
+      this.tokenStore.delete(oldToken);
+    }
+    this.tokenStore.set(token, fullSmapiToken);
+  }
 }
 
 export type ContainerType = "container" | "search" | "albumList";
@@ -265,6 +289,7 @@ const playlist = (bonobUrl: URLBuilder, playlist: Playlist) => ({
   title: playlist.name,
   albumArtURI: coverArtURI(bonobUrl, playlist).href(),
   canPlay: true,
+  canEnumerate: true,
   attributes: {
     readOnly: false,
     userContent: false,
@@ -380,9 +405,33 @@ function bindSmapiSoapServiceToExpress(
   apiKeys: APITokens,
   clock: Clock,
   i8n: I8N,
-  smapiAuthTokens: SmapiAuthTokens
+  smapiAuthTokens: SmapiAuthTokens,
+  tokenStore: SmapiTokenStore,
+  _logRequests: boolean,
+  tokenCleanupIntervalMinutes: number = 60
 ) {
-  const sonosSoap = new SonosSoap(bonobUrl, linkCodes, smapiAuthTokens, clock);
+  const sonosSoap = new SonosSoap(bonobUrl, linkCodes, smapiAuthTokens, clock, tokenStore);
+
+  // Clean up expired tokens on startup
+  try {
+    const cleaned = tokenStore.cleanupExpired(smapiAuthTokens);
+    if (cleaned > 0) {
+      logger.info(`Cleaned up ${cleaned} expired token(s) on startup`);
+    }
+  } catch (error) {
+    logger.error("Failed to cleanup expired tokens on startup", { error });
+  }
+
+  // Clean up expired tokens periodically
+  const cleanupIntervalMs = tokenCleanupIntervalMinutes * 60 * 1000;
+  logger.info(`Token cleanup will run every ${tokenCleanupIntervalMinutes} minute(s)`);
+  setInterval(() => {
+    try {
+      tokenStore.cleanupExpired(smapiAuthTokens);
+    } catch (error) {
+      logger.error("Failed to cleanup expired tokens", { error });
+    }
+  }, cleanupIntervalMs).unref(); // Don't prevent process exit
 
   const urlWithToken = (accessToken: string) =>
     bonobUrl.append({
@@ -395,18 +444,39 @@ function bindSmapiSoapServiceToExpress(
     const credentialsFrom = E.fromNullable(new MissingLoginTokenError());
     return pipe(
       credentialsFrom(credentials),
-      E.chain((credentials) =>
-        pipe(
+      E.chain((credentials) => {
+        // Check if token/key is associated with a user
+        const smapiToken = sonosSoap.getCredentialsForToken(credentials.loginToken.token);
+        if (!smapiToken) {
+          logger.warn("Token not found in store - possibly old/expired token from Sonos cache. Try removing and re-adding the service in Sonos app.");
+          return E.left(new InvalidTokenError("Token not found"));
+        }
+
+        // If credentials don't have a key, use the stored one
+        const effectiveKey = credentials.loginToken.key || smapiToken.key;
+
+        if (smapiToken.key !== effectiveKey) {
+          logger.warn("Token key mismatch", { storedKey: smapiToken.key, providedKey: effectiveKey });
+          return E.left(new InvalidTokenError("Token key mismatch"));
+        }
+
+        return pipe(
           smapiAuthTokens.verify({
             token: credentials.loginToken.token,
-            key: credentials.loginToken.key,
+            key: effectiveKey,
           }),
           E.map((serviceToken) => ({
             serviceToken,
-            credentials,
+            credentials: {
+              ...credentials,
+              loginToken: {
+                ...credentials.loginToken,
+                key: effectiveKey,
+              },
+            },
           }))
-        )
-      ),
+        );
+      }),
       E.map(({ serviceToken, credentials }) => ({
         serviceToken,
         credentials,
@@ -415,7 +485,49 @@ function bindSmapiSoapServiceToExpress(
     );
   };
 
-  const login = async (credentials?: Credentials) => {
+  const swapToken = (expiredToken: string | undefined) => (newToken: SmapiToken) => {
+    logger.debug("oldToken: " + expiredToken);
+    logger.debug("newToken: " + JSON.stringify(newToken));
+    if (expiredToken) {
+      sonosSoap.associateCredentialsForToken(newToken.token, newToken, expiredToken);
+    } else {
+      sonosSoap.associateCredentialsForToken(newToken.token, newToken);
+    }
+    return TE.right(newToken);
+  }
+
+  const useHeaderIfPresent = (credentials?: Credentials, headers?: IncomingHttpHeaders) => {
+    const headersProvidedWithToken = headers!==null && headers!== undefined && headers["authorization"];
+    if(headersProvidedWithToken) {
+      logger.debug("Will use authorization header");
+      const bearer = headers["authorization"];
+      const token = bearer?.split(" ")[1];
+      if(token) {
+        const credsForToken = sonosSoap.getCredentialsForToken(token);
+        if(credsForToken==undefined) {
+          logger.debug("No creds for "+JSON.stringify(token));
+        } else {
+          credentials = {
+            ...credentials!,
+            loginToken: {
+              ...credentials?.loginToken!,
+              token: credsForToken.token,
+              key: credsForToken.key,
+            }
+          }
+          logger.debug("Updated credentials to " + JSON.stringify(credentials));
+        }
+      }
+    }
+    return credentials;
+  }
+
+  const login = async (credentials?: Credentials, headers?: IncomingHttpHeaders) => {
+
+    const credentialsProvidedWithoutAuthToken = credentials && credentials.loginToken.token==null;
+    if(credentialsProvidedWithoutAuthToken) {
+      credentials = useHeaderIfPresent(credentials, headers);
+    }
     const authOrFail = pipe(
       auth(credentials),
       E.getOrElseW((fault) => fault)
@@ -428,9 +540,16 @@ function bindSmapiSoapServiceToExpress(
           throw SMAPI_FAULT_LOGIN_UNAUTHORIZED;
         });
     } else if (isExpiredTokenError(authOrFail)) {
+      // Don't pass old token here to avoid circular reference issues with Jest/SOAP
+      // Old expired tokens will be cleaned up by TTL or manual cleanup later
+      logger.info("Token expired, attempting refresh...");
       throw await pipe(
         musicService.refreshToken(authOrFail.expiredToken),
-        TE.map((it) => smapiAuthTokens.issue(it.serviceToken)),
+        TE.map((it) => {
+          logger.info("Token refresh successful, issuing new SMAPI token");
+          return smapiAuthTokens.issue(it.serviceToken);
+        }),
+        TE.tap(swapToken(undefined)),
         TE.map((newToken) => ({
           Fault: {
             faultcode: "Client.TokenRefreshRequired",
@@ -443,7 +562,10 @@ function bindSmapiSoapServiceToExpress(
             },
           },
         })),
-        TE.getOrElse(() => T.of(SMAPI_FAULT_LOGIN_UNAUTHORIZED))
+        TE.getOrElse((err) => {
+          logger.error("Token refresh failed", { error: err });
+          return T.of(SMAPI_FAULT_LOGIN_UNAUTHORIZED);
+        })
       )();
     } else {
       throw authOrFail.toSmapiFault();
@@ -457,8 +579,18 @@ function bindSmapiSoapServiceToExpress(
       Sonos: {
         SonosSoap: {
           getAppLink: () => sonosSoap.getAppLink(),
-          getDeviceAuthToken: ({ linkCode }: { linkCode: string }) =>
-            sonosSoap.getDeviceAuthToken({ linkCode }),
+          reportAccountAction: (args: any) =>
+            sonosSoap.reportAccountAction(args, undefined),
+          getDeviceAuthToken: ({ linkCode }: { linkCode: string}) =>{
+            const deviceAuthTokenResult = sonosSoap.getDeviceAuthToken({ linkCode });
+            const smapiToken:SmapiToken = {
+              token: deviceAuthTokenResult.getDeviceAuthTokenResult.authToken,
+              key: deviceAuthTokenResult.getDeviceAuthTokenResult.privateKey
+            }
+  
+            sonosSoap.associateCredentialsForToken(smapiToken.token, smapiToken);
+            return deviceAuthTokenResult;
+          },
           getLastUpdate: () => ({
             getLastUpdateResult: {
               autoRefreshEnabled: true,
@@ -467,9 +599,11 @@ function bindSmapiSoapServiceToExpress(
               pollInterval: 60,
             },
           }),
-          refreshAuthToken: async (_, _2, soapyHeaders: SoapyHeaders) => {
+          refreshAuthToken: async (_, _2, soapyHeaders: SoapyHeaders,
+            { headers }: Pick<Request, "headers">) => {
+            const creds = useHeaderIfPresent(soapyHeaders?.credentials, headers);
             const serviceToken = pipe(
-              auth(soapyHeaders?.credentials),
+              auth(creds),
               E.fold(
                 (fault) =>
                   isExpiredTokenError(fault)
@@ -481,9 +615,12 @@ function bindSmapiSoapServiceToExpress(
                 throw fault.toSmapiFault();
               })
             );
+            // Don't pass old token here to avoid circular reference issues with Jest/SOAP
+            // Old expired tokens will be cleaned up by TTL or manual cleanup later
             return pipe(
               musicService.refreshToken(serviceToken),
               TE.map((it) => smapiAuthTokens.issue(it.serviceToken)),
+              TE.tap(swapToken(undefined)), // ignores the return value, like a tee or peek
               TE.map((it) => ({
                 refreshAuthTokenResult: {
                   authToken: it.token,
@@ -498,9 +635,10 @@ function bindSmapiSoapServiceToExpress(
           getMediaURI: async (
             { id }: { id: string },
             _,
-            soapyHeaders: SoapyHeaders
-          ) =>
-            login(soapyHeaders?.credentials)
+            soapyHeaders: SoapyHeaders,
+            { headers }: Pick<Request, "headers">
+          ) => {
+            return login(soapyHeaders?.credentials, headers)
               .then(splitId(id))
               .then(({ musicLibrary, credentials, type, typeId }) => {
                 switch (type) {
@@ -533,13 +671,15 @@ function bindSmapiSoapServiceToExpress(
                   default:
                     throw `Unsupported type:${type}`;
                   }
-              }),
+              });
+          },
           getMediaMetadata: async (
             { id }: { id: string },
             _,
-            soapyHeaders: SoapyHeaders
-          ) =>
-            login(soapyHeaders?.credentials)
+            soapyHeaders: SoapyHeaders,
+            { headers }: Pick<Request, "headers">
+          ) => {
+            return login(soapyHeaders?.credentials, headers)
               .then(splitId(id))
               .then(async ({ musicLibrary, apiKey, type, typeId }) => {
                 switch (type) {
@@ -554,13 +694,15 @@ function bindSmapiSoapServiceToExpress(
                   default:
                     throw `Unsupported type:${type}`;
                 }
-              }),
+              });
+          },
           search: async (
             { id, term }: { id: string; term: string },
             _,
-            soapyHeaders: SoapyHeaders
-          ) =>
-            login(soapyHeaders?.credentials)
+            soapyHeaders: SoapyHeaders,
+            { headers }: Pick<Request, "headers">
+          ) => {
+            return login(soapyHeaders?.credentials, headers)
               .then(splitId(id))
               .then(async ({ musicLibrary, apiKey }) => {
                 switch (id) {
@@ -586,15 +728,16 @@ function bindSmapiSoapServiceToExpress(
                     return musicLibrary.searchTracks(term).then((it) =>
                       searchResult({
                         count: it.length,
-                        mediaCollection: it.map((aTrack) =>
-                          album(urlWithToken(apiKey), aTrack.album)
+                        mediaMetadata: it.map((aTrack) =>
+                          track(urlWithToken(apiKey), aTrack)
                         ),
                       })
                     );
                   default:
                     throw `Unsupported search by:${id}`;
                 }
-              }),
+              });
+          },
           getExtendedMetadata: async (
             {
               id,
@@ -603,9 +746,10 @@ function bindSmapiSoapServiceToExpress(
             }: // recursive,
             { id: string; index: number; count: number; recursive: boolean },
             _,
-            soapyHeaders: SoapyHeaders
-          ) =>
-            login(soapyHeaders?.credentials)
+            soapyHeaders: SoapyHeaders,
+            { headers }: Pick<Request, "headers">
+          ) => {
+            return login(soapyHeaders?.credentials, headers)
               .then(splitId(id))
               .then(async ({ musicLibrary, apiKey, type, typeId }) => {
                 const paging = { _index: index, _count: count };
@@ -662,10 +806,35 @@ function bindSmapiSoapServiceToExpress(
                         // </getExtendedMetadataResult>
                       },
                     }));
+                  case "playlists":
+                    return musicLibrary
+                      .playlists()
+                      .then((it) =>
+                        Promise.all(
+                          it.map((playlist) => ({
+                            id: playlist.id,
+                            name: playlist.name,
+                            coverArt: playlist.coverArt,
+                            entries: [],
+                          }))
+                        )
+                      )
+                      .then(slice2(paging))
+                      .then(([page, total]) => ({
+                        getExtendedMetadataResult: {
+                          count: page.length,
+                          index: paging._index,
+                          total,
+                          mediaCollection: page.map((it) =>
+                            playlist(urlWithToken(apiKey), it)
+                          ),
+                        },
+                      }));
                   default:
                     throw `Unsupported getExtendedMetadata id=${id}`;
                 }
-              }),
+              });
+          },
           getMetadata: async (
             {
               id,
@@ -676,12 +845,12 @@ function bindSmapiSoapServiceToExpress(
             _,
             soapyHeaders: SoapyHeaders,
             { headers }: Pick<Request, "headers">
-          ) =>
-            login(soapyHeaders?.credentials)
+          ) => {
+            const acceptLanguage = headers["accept-language"];
+            return login(soapyHeaders?.credentials, headers)
               .then(splitId(id))
               .then(({ musicLibrary, apiKey, type, typeId }) => {
                 const paging = { _index: index, _count: count };
-                const acceptLanguage = headers["accept-language"];
                 logger.debug(
                   `Fetching metadata type=${type}, typeId=${typeId}, acceptLanguage=${acceptLanguage}`
                 );
@@ -736,7 +905,8 @@ function bindSmapiSoapServiceToExpress(
                           id: "playlists",
                           title: lang("playlists"),
                           albumArtURI: iconArtURI(bonobUrl, "playlists").href(),
-                          itemType: "playlist",
+                          itemType: "container",
+                          canEnumerate: true,
                           attributes: {
                             readOnly: false,
                             userContent: true,
@@ -996,13 +1166,15 @@ function bindSmapiSoapServiceToExpress(
                   default:
                     throw `Unsupported getMetadata id=${id}`;
                 }
-              }),
+              });
+          },
           createContainer: async (
             { title, seedId }: { title: string; seedId: string | undefined },
             _,
-            soapyHeaders: SoapyHeaders
-          ) =>
-            login(soapyHeaders?.credentials)
+            soapyHeaders: SoapyHeaders,
+            { headers }: Pick<Request, "headers">
+          ) => {
+            return login(soapyHeaders?.credentials, headers)
               .then(({ musicLibrary }) =>
                 musicLibrary
                   .createPlaylist(title)
@@ -1022,32 +1194,38 @@ function bindSmapiSoapServiceToExpress(
                   id: `playlist:${it.id}`,
                   updateId: "",
                 },
-              })),
+              }));
+          },
           deleteContainer: async (
             { id }: { id: string },
             _,
-            soapyHeaders: SoapyHeaders
-          ) =>
-            login(soapyHeaders?.credentials)
+            soapyHeaders: SoapyHeaders,
+            { headers }: Pick<Request, "headers">
+          ) => {
+            return login(soapyHeaders?.credentials, headers)
               .then(({ musicLibrary }) => musicLibrary.deletePlaylist(id))
-              .then((_) => ({ deleteContainerResult: {} })),
+              .then((_) => ({ deleteContainerResult: {} }));
+          },
           addToContainer: async (
             { id, parentId }: { id: string; parentId: string },
             _,
-            soapyHeaders: SoapyHeaders
-          ) =>
-            login(soapyHeaders?.credentials)
+            soapyHeaders: SoapyHeaders,
+            { headers }: Pick<Request, "headers">
+          ) => {
+            return login(soapyHeaders?.credentials, headers)
               .then(splitId(id))
               .then(({ musicLibrary, typeId }) =>
                 musicLibrary.addToPlaylist(parentId.split(":")[1]!, typeId)
               )
-              .then((_) => ({ addToContainerResult: { updateId: "" } })),
+              .then((_) => ({ addToContainerResult: { updateId: "" } }));
+          },
           removeFromContainer: async (
             { id, indices }: { id: string; indices: string },
             _,
-            soapyHeaders: SoapyHeaders
-          ) =>
-            login(soapyHeaders?.credentials)
+            soapyHeaders: SoapyHeaders,
+            { headers }: Pick<Request, "headers">
+          ) => {
+            return login(soapyHeaders?.credentials, headers)
               .then(splitId(id))
               .then((it) => ({
                 ...it,
@@ -1064,25 +1242,29 @@ function bindSmapiSoapServiceToExpress(
                   musicLibrary.removeFromPlaylist(typeId, indices);
                 }
               })
-              .then((_) => ({ removeFromContainerResult: { updateId: "" } })),
+              .then((_) => ({ removeFromContainerResult: { updateId: "" } }));
+          },
           rateItem: async (
             { id, rating }: { id: string; rating: number },
             _,
-            soapyHeaders: SoapyHeaders
-          ) =>
-            login(soapyHeaders?.credentials)
+            soapyHeaders: SoapyHeaders,
+            { headers }: Pick<Request, "headers">
+          ) => {
+            return login(soapyHeaders?.credentials, headers)
               .then(splitId(id))
               .then(({ musicLibrary, typeId }) =>
                 musicLibrary.rate(typeId, ratingFromInt(Math.abs(rating)))
               )
-              .then((_) => ({ rateItemResult: { shouldSkip: false } })),
+              .then((_) => ({ rateItemResult: { shouldSkip: false } }));
+          },
 
           setPlayedSeconds: async (
             { id, seconds }: { id: string; seconds: string },
             _,
-            soapyHeaders: SoapyHeaders
-          ) =>
-            login(soapyHeaders?.credentials)
+            soapyHeaders: SoapyHeaders,
+            { headers }: Pick<Request, "headers">
+          ) => {
+            return login(soapyHeaders?.credentials, headers)
               .then(splitId(id))
               .then(({ musicLibrary, type, typeId }) => {
                 switch (type) {
@@ -1104,7 +1286,49 @@ function bindSmapiSoapServiceToExpress(
               })
               .then((_) => ({
                 setPlayedSecondsResult: {},
-              })),
+              }));
+          },
+
+          reportPlaySeconds: async (
+            { id, seconds }: { id: string; seconds: string },
+            _,
+            soapyHeaders: SoapyHeaders,
+            { headers }: Pick<Request, "headers">
+          ) => {
+            return login(soapyHeaders?.credentials, headers)
+              .then(splitId(id))
+              .then(({ type, typeId }) => {
+                if (type === "track") {
+                  logger.debug(`reportPlaySeconds called for track ${typeId}, seconds: ${seconds}`);
+                  // Return interval of 30 seconds for next update
+                  return Promise.resolve(true);
+                }
+                return Promise.resolve(true);
+              })
+              .then((_) => ({
+                reportPlaySecondsResult: { interval: 30 },
+              }));
+          },
+
+          reportPlayStatus: async (
+            { id, status }: { id: string; status: string },
+            _,
+            soapyHeaders: SoapyHeaders,
+            { headers }: Pick<Request, "headers">
+          ) => {
+            return login(soapyHeaders?.credentials, headers)
+              .then(splitId(id))
+              .then(({ musicLibrary, type, typeId }) => {
+                if (type === "track") {
+                  logger.info(`reportPlayStatus called for track ${typeId}, status: ${status}`);
+                  if (status === "PLAY_START" || status === "PAUSED_PLAYBACK") {
+                    return musicLibrary.nowPlaying(typeId);
+                  }
+                }
+                return Promise.resolve(true);
+              })
+              .then((_) => ({}));
+          },
         },
       },
     },

src/smapi_auth.ts

@@ -4,6 +4,8 @@ import { v4 as uuid } from "uuid";
 import { b64Decode, b64Encode } from "./b64";
 import { Clock } from "./clock";
 
+import logger from "./logger";
+
 export type SmapiFault = { Fault: { faultcode: string; faultstring: string } };
 export type SmapiRefreshTokenResultFault = SmapiFault & {
   Fault: {
@@ -14,6 +16,7 @@ export type SmapiRefreshTokenResultFault = SmapiFault & {
 };
 
 function isError(thing: any): thing is Error {
+  logger.debug("isError check", { thing });
   return thing.name && thing.message;
 }
 
@@ -151,6 +154,13 @@ export class JWTSmapiLoginTokens implements SmapiAuthTokens {
   };
 
   verify = (smapiToken: SmapiToken): E.Either<ToSmapiFault, string> => {
+    logger.debug("Verifying JWT", {
+      token: smapiToken.token,
+      key: smapiToken.key,
+      secret: this.secret,
+      version: this.version,
+      secretKey: this.secret + this.version + smapiToken.key,
+    });
     try {
       return E.right(
         (
@@ -161,7 +171,9 @@ export class JWTSmapiLoginTokens implements SmapiAuthTokens {
         ).serviceToken
       );
     } catch (e) {
+      const err = e as Error;
       if (isTokenExpiredError(e)) {
+        logger.debug("JWT token expired, will attempt refresh", { expiredAt: (e as TokenExpiredError).expiredAt });
         const serviceToken = (
           jwt.verify(
             smapiToken.token,
@@ -170,8 +182,11 @@ export class JWTSmapiLoginTokens implements SmapiAuthTokens {
           ) as any
         ).serviceToken;
         return E.left(new ExpiredTokenError(serviceToken));
-      } else if (isError(e)) return E.left(new InvalidTokenError(e.message));
-      else return E.left(new InvalidTokenError("Failed to verify token"));
+      } else {
+        logger.warn("JWT verification failed - token may be invalid or from different secret", { message: err.message });
+        if (isError(e)) return E.left(new InvalidTokenError(err.message));
+        else return E.left(new InvalidTokenError("Failed to verify token"));
+      }
     }
   };
 }

src/smapi_token_store.ts

@@ -0,0 +1,166 @@
+import fs from "fs";
+import path from "path";
+import logger from "./logger";
+import { SmapiToken, SmapiAuthTokens } from "./smapi_auth";
+import { either as E } from "fp-ts";
+
+export { SQLiteSmapiTokenStore } from "./sqlite_smapi_token_store";
+
+export interface SmapiTokenStore {
+  get(token: string): SmapiToken | undefined;
+  set(token: string, fullSmapiToken: SmapiToken): void;
+  delete(token: string): void;
+  getAll(): { [tokenKey: string]: SmapiToken };
+  cleanupExpired(smapiAuthTokens: SmapiAuthTokens): number;
+}
+
+export class InMemorySmapiTokenStore implements SmapiTokenStore {
+  private tokens: { [tokenKey: string]: SmapiToken } = {};
+
+  get(token: string): SmapiToken | undefined {
+    return this.tokens[token];
+  }
+
+  set(token: string, fullSmapiToken: SmapiToken): void {
+    this.tokens[token] = fullSmapiToken;
+  }
+
+  delete(token: string): void {
+    delete this.tokens[token];
+  }
+
+  getAll(): { [tokenKey: string]: SmapiToken } {
+    return this.tokens;
+  }
+
+  cleanupExpired(smapiAuthTokens: SmapiAuthTokens): number {
+    const tokenKeys = Object.keys(this.tokens);
+    let deletedCount = 0;
+
+    for (const tokenKey of tokenKeys) {
+      const smapiToken = this.tokens[tokenKey];
+      if (smapiToken) {
+        const verifyResult = smapiAuthTokens.verify(smapiToken);
+        // Only delete if token verification fails with InvalidTokenError
+        // Do NOT delete ExpiredTokenError as those can still be refreshed
+        if (E.isLeft(verifyResult)) {
+          const error = verifyResult.left;
+          // Only delete invalid tokens, not expired ones (which can be refreshed)
+          if (error._tag === 'InvalidTokenError') {
+            logger.debug(`Deleting invalid token from in-memory store`);
+            delete this.tokens[tokenKey];
+            deletedCount++;
+          }
+        }
+      }
+    }
+
+    if (deletedCount > 0) {
+      logger.info(`Cleaned up ${deletedCount} invalid token(s) from in-memory store`);
+    }
+
+    return deletedCount;
+  }
+}
+
+export class FileSmapiTokenStore implements SmapiTokenStore {
+  private tokens: { [tokenKey: string]: SmapiToken } = {};
+  private readonly filePath: string;
+
+  constructor(filePath: string) {
+    this.filePath = filePath;
+    this.loadFromFile();
+  }
+
+  private loadFromFile(): void {
+    try {
+      // Ensure the directory exists
+      const dir = path.dirname(this.filePath);
+      if (!fs.existsSync(dir)) {
+        fs.mkdirSync(dir, { recursive: true });
+        logger.info(`Created token storage directory: ${dir}`);
+      }
+
+      // Load existing tokens if file exists
+      if (fs.existsSync(this.filePath)) {
+        const data = fs.readFileSync(this.filePath, "utf8");
+        this.tokens = JSON.parse(data);
+        logger.info(
+          `Loaded ${Object.keys(this.tokens).length} token(s) from ${this.filePath}`
+        );
+      } else {
+        logger.info(`No existing token file found at ${this.filePath}, starting fresh`);
+        this.tokens = {};
+        this.saveToFile();
+      }
+    } catch (error) {
+      logger.error(`Failed to load tokens from ${this.filePath}`, { error });
+      this.tokens = {};
+    }
+  }
+
+  private saveToFile(): void {
+    try {
+      // Ensure the directory exists before writing
+      const dir = path.dirname(this.filePath);
+      if (!fs.existsSync(dir)) {
+        fs.mkdirSync(dir, { recursive: true });
+        logger.info(`Created token storage directory: ${dir}`);
+      }
+
+      const data = JSON.stringify(this.tokens, null, 2);
+      fs.writeFileSync(this.filePath, data, "utf8");
+      logger.debug(`Saved ${Object.keys(this.tokens).length} token(s) to ${this.filePath}`);
+    } catch (error) {
+      logger.error(`Failed to save tokens to ${this.filePath}`, { error });
+    }
+  }
+
+  get(token: string): SmapiToken | undefined {
+    return this.tokens[token];
+  }
+
+  set(token: string, fullSmapiToken: SmapiToken): void {
+    this.tokens[token] = fullSmapiToken;
+    this.saveToFile();
+  }
+
+  delete(token: string): void {
+    delete this.tokens[token];
+    this.saveToFile();
+  }
+
+  getAll(): { [tokenKey: string]: SmapiToken } {
+    return this.tokens;
+  }
+
+  cleanupExpired(smapiAuthTokens: SmapiAuthTokens): number {
+    const tokenKeys = Object.keys(this.tokens);
+    let deletedCount = 0;
+
+    for (const tokenKey of tokenKeys) {
+      const smapiToken = this.tokens[tokenKey];
+      if (smapiToken) {
+        const verifyResult = smapiAuthTokens.verify(smapiToken);
+        // Only delete if token verification fails with InvalidTokenError
+        // Do NOT delete ExpiredTokenError as those can still be refreshed
+        if (E.isLeft(verifyResult)) {
+          const error = verifyResult.left;
+          // Only delete invalid tokens, not expired ones (which can be refreshed)
+          if (error._tag === 'InvalidTokenError') {
+            logger.debug(`Deleting invalid token from file store`);
+            delete this.tokens[tokenKey];
+            deletedCount++;
+          }
+        }
+      }
+    }
+
+    if (deletedCount > 0) {
+      logger.info(`Cleaned up ${deletedCount} invalid token(s) from file store`);
+      this.saveToFile();
+    }
+
+    return deletedCount;
+  }
+}

src/sqlite_smapi_token_store.ts

@@ -0,0 +1,200 @@
+import Database from "better-sqlite3";
+import path from "path";
+import fs from "fs";
+import logger from "./logger";
+import { SmapiToken, SmapiAuthTokens } from "./smapi_auth";
+import { either as E } from "fp-ts";
+import { SmapiTokenStore } from "./smapi_token_store";
+
+export class SQLiteSmapiTokenStore implements SmapiTokenStore {
+  private db!: Database.Database;
+  private readonly dbPath: string;
+
+  constructor(dbPath: string) {
+    this.dbPath = dbPath;
+    this.initializeDatabase();
+  }
+
+  private initializeDatabase(): void {
+    try {
+      // Ensure the directory exists
+      const dir = path.dirname(this.dbPath);
+      if (!fs.existsSync(dir)) {
+        fs.mkdirSync(dir, { recursive: true });
+        logger.info(`Created token storage directory: ${dir}`);
+      }
+
+      // Open database connection
+      this.db = new Database(this.dbPath);
+
+      // Create table if it doesn't exist
+      this.db.exec(`
+        CREATE TABLE IF NOT EXISTS smapi_tokens (
+          token_key TEXT PRIMARY KEY,
+          token TEXT NOT NULL,
+          key TEXT NOT NULL,
+          created_at INTEGER NOT NULL DEFAULT (strftime('%s', 'now'))
+        )
+      `);
+
+      // Create index for faster lookups
+      this.db.exec(`
+        CREATE INDEX IF NOT EXISTS idx_created_at ON smapi_tokens(created_at)
+      `);
+
+      const count = this.db.prepare("SELECT COUNT(*) as count FROM smapi_tokens").get() as { count: number };
+      logger.info(`SQLite token store initialized at ${this.dbPath} with ${count.count} token(s)`);
+    } catch (error) {
+      logger.error(`Failed to initialize SQLite token store at ${this.dbPath}`, { error });
+      throw error;
+    }
+  }
+
+  get(tokenKey: string): SmapiToken | undefined {
+    try {
+      const stmt = this.db.prepare("SELECT token, key FROM smapi_tokens WHERE token_key = ?");
+      const row = stmt.get(tokenKey) as { token: string; key: string } | undefined;
+
+      if (!row) {
+        return undefined;
+      }
+
+      return {
+        token: row.token,
+        key: row.key,
+      };
+    } catch (error) {
+      logger.error(`Failed to get token from SQLite store`, { error });
+      return undefined;
+    }
+  }
+
+  set(tokenKey: string, fullSmapiToken: SmapiToken): void {
+    try {
+      const stmt = this.db.prepare(`
+        INSERT OR REPLACE INTO smapi_tokens (token_key, token, key)
+        VALUES (?, ?, ?)
+      `);
+      stmt.run(tokenKey, fullSmapiToken.token, fullSmapiToken.key);
+      logger.debug(`Saved token to SQLite store`);
+    } catch (error) {
+      logger.error(`Failed to save token to SQLite store`, { error });
+    }
+  }
+
+  delete(tokenKey: string): void {
+    try {
+      const stmt = this.db.prepare("DELETE FROM smapi_tokens WHERE token_key = ?");
+      stmt.run(tokenKey);
+      logger.debug(`Deleted token from SQLite store`);
+    } catch (error) {
+      logger.error(`Failed to delete token from SQLite store`, { error });
+    }
+  }
+
+  getAll(): { [tokenKey: string]: SmapiToken } {
+    try {
+      const stmt = this.db.prepare("SELECT token_key, token, key FROM smapi_tokens");
+      const rows = stmt.all() as Array<{ token_key: string; token: string; key: string }>;
+
+      const tokens: { [tokenKey: string]: SmapiToken } = {};
+      for (const row of rows) {
+        tokens[row.token_key] = {
+          token: row.token,
+          key: row.key,
+        };
+      }
+
+      return tokens;
+    } catch (error) {
+      logger.error(`Failed to get all tokens from SQLite store`, { error });
+      return {};
+    }
+  }
+
+  cleanupExpired(smapiAuthTokens: SmapiAuthTokens): number {
+    try {
+      const tokens = this.getAll();
+      const tokenKeys = Object.keys(tokens);
+      let deletedCount = 0;
+
+      for (const tokenKey of tokenKeys) {
+        const smapiToken = tokens[tokenKey];
+        if (smapiToken) {
+          const verifyResult = smapiAuthTokens.verify(smapiToken);
+          // Only delete if token verification fails with InvalidTokenError
+          // Do NOT delete ExpiredTokenError as those can still be refreshed
+          if (E.isLeft(verifyResult)) {
+            const error = verifyResult.left;
+            // Only delete invalid tokens, not expired ones (which can be refreshed)
+            if (error._tag === 'InvalidTokenError') {
+              logger.debug(`Deleting invalid token from SQLite store`);
+              this.delete(tokenKey);
+              deletedCount++;
+            }
+          }
+        }
+      }
+
+      if (deletedCount > 0) {
+        logger.info(`Cleaned up ${deletedCount} invalid token(s) from SQLite store`);
+      }
+
+      return deletedCount;
+    } catch (error) {
+      logger.error(`Failed to cleanup expired tokens from SQLite store`, { error });
+      return 0;
+    }
+  }
+
+  /**
+   * Migrate tokens from a JSON file to the SQLite database
+   * @param jsonFilePath Path to the JSON file containing tokens
+   * @returns Number of tokens migrated
+   */
+  migrateFromJSON(jsonFilePath: string): number {
+    try {
+      if (!fs.existsSync(jsonFilePath)) {
+        logger.info(`No JSON token file found at ${jsonFilePath}, skipping migration`);
+        return 0;
+      }
+
+      const data = fs.readFileSync(jsonFilePath, "utf8");
+      const tokens: { [tokenKey: string]: SmapiToken } = JSON.parse(data);
+      const tokenKeys = Object.keys(tokens);
+
+      let migratedCount = 0;
+      for (const tokenKey of tokenKeys) {
+        const token = tokens[tokenKey];
+        if (token) {
+          this.set(tokenKey, token);
+          migratedCount++;
+        }
+      }
+
+      logger.info(`Migrated ${migratedCount} token(s) from ${jsonFilePath} to SQLite`);
+
+      // Optionally rename the old JSON file to .bak
+      const backupPath = `${jsonFilePath}.bak`;
+      fs.renameSync(jsonFilePath, backupPath);
+      logger.info(`Backed up original JSON file to ${backupPath}`);
+
+      return migratedCount;
+    } catch (error) {
+      logger.error(`Failed to migrate tokens from JSON file ${jsonFilePath}`, { error });
+      return 0;
+    }
+  }
+
+  /**
+   * Close the database connection
+   */
+  close(): void {
+    try {
+      this.db.close();
+      logger.info("SQLite token store connection closed");
+    } catch (error) {
+      logger.error("Failed to close SQLite token store connection", { error });
+    }
+  }
+}

src/subsonic.ts

@@ -638,8 +638,14 @@ export class SubsonicMusicLibrary implements MusicLibrary {
           id,
           submission: true,
         })
-        .then((_) => true)
-        .catch(() => false)
+        .then((_) => {
+          logger.debug(`Successfully scrobbled track ${id}`);
+          return true;
+        })
+        .catch((e) => {
+          logger.error(`Failed to scrobble track ${id}`, { error: e });
+          return false;
+        })
 
     nowPlaying = async (id: string) =>
         this.subsonic
@@ -647,8 +653,14 @@ export class SubsonicMusicLibrary implements MusicLibrary {
             id,
             submission: false,
           })
-          .then((_) => true)
-          .catch(() => false)
+          .then((_) => {
+            logger.debug(`Successfully reported now playing for track ${id}`);
+            return true;
+          })
+          .catch((e) => {
+            logger.error(`Failed to report now playing for track ${id}`, { error: e });
+            return false;
+          })
 
     searchArtists = async (query: string) =>
         this.subsonic
@@ -681,7 +693,7 @@ export class SubsonicMusicLibrary implements MusicLibrary {
     playlists = async () =>
       this.subsonic
         .getJSON<GetPlaylistsResponse>(this.credentials, "/rest/getPlaylists")
-        .then(({ playlists }) => (playlists.playlist || []).map(asPlayListSummary))
+        .then(({ playlists }) => (playlists?.playlist || []).map(asPlayListSummary))
 
     playlist = async (id: string) =>
       this.subsonic

tests/scenarios.test.ts

@@ -94,7 +94,7 @@ class SonosDriver {
       .get(this.bonobUrl.append({ pathname: "/" }).pathname())
       .expect(200)
       .then((response) => {
-        const m = response.text.match(/ action="(.*)" /i);
+        const m = response.text.match(/ action="([^"]+)"/i);
         return m![1]!;
       });
 

tests/server.test.ts

@@ -240,7 +240,7 @@ describe("server", () => {
                 .send();
 
               expect(res.status).toEqual(200);
-              expect(res.text).toMatch(`<h2>${lang("devices")} \(0\)</h2>`);
+              expect(res.text).toMatch(new RegExp(`${lang("devices")}.*\\(0\\)`));
               expect(res.text).not.toMatch(/class=device/);
               expect(res.text).toContain(lang("noSonosDevices"));
             });
@@ -276,7 +276,7 @@ describe("server", () => {
                   .send();
 
                 expect(res.status).toEqual(200);
-                expect(res.text).toMatch(`<h2>${lang("devices")} \(0\)</h2>`);
+                expect(res.text).toMatch(new RegExp(`${lang("devices")}.*\\(0\\)`));
                 expect(res.text).not.toMatch(/class=device/);
                 expect(res.text).toContain(lang("noSonosDevices"));
               });
@@ -290,7 +290,7 @@ describe("server", () => {
                   .send();
 
                 expect(res.status).toEqual(200);
-                expect(res.text).toMatch(`<h2>${lang("services")} \(0\)</h2>`);
+                expect(res.text).toMatch(new RegExp(`${lang("services")}.*\\(0\\)`));
               });
             });
           });
@@ -352,9 +352,9 @@ describe("server", () => {
                   .send();
 
                 expect(res.status).toEqual(200);
-                expect(res.text).toMatch(`<h2>${lang("devices")} \(2\)</h2>`);
-                expect(res.text).toMatch(/device1\s+\(172.0.0.1:4301\)/);
-                expect(res.text).toMatch(/device2\s+\(172.0.0.2:4302\)/);
+                expect(res.text).toMatch(new RegExp(`${lang("devices")}.*\\(2\\)`));
+                expect(res.text).toMatch(/device1.*172\.0\.0\.1:4301/);
+                expect(res.text).toMatch(/device2.*172\.0\.0\.2:4302/);
               });
             });
 
@@ -366,11 +366,11 @@ describe("server", () => {
                   .send();
 
                 expect(res.status).toEqual(200);
-                expect(res.text).toMatch(`<h2>${lang("services")} \(4\)</h2>`);
-                expect(res.text).toMatch(/s1\s+\(1\)/);
-                expect(res.text).toMatch(/s2\s+\(2\)/);
-                expect(res.text).toMatch(/s3\s+\(3\)/);
-                expect(res.text).toMatch(/s4\s+\(4\)/);
+                expect(res.text).toMatch(new RegExp(`${lang("services")}.*\\(4\\)`));
+                expect(res.text).toMatch(/s1.*SID:\s*1/);
+                expect(res.text).toMatch(/s2.*SID:\s*2/);
+                expect(res.text).toMatch(/s3.*SID:\s*3/);
+                expect(res.text).toMatch(/s4.*SID:\s*4/);
               });
             });
 
@@ -382,14 +382,11 @@ describe("server", () => {
                   .send();
                 expect(res.status).toEqual(200);
                 expect(res.text).toMatch(
-                  `<input type="submit" value="${lang("register")}">`
-                );
-                expect(res.text).toMatch(`<h3>${lang("expectedConfig")}</h3>`);
-                expect(res.text).toMatch(
-                  `<h3>${lang("noExistingServiceRegistration")}</h3>`
+                  `<input type="submit" value="${lang("register")}" id="submit">`
                 );
+                expect(res.text).toContain(lang("noExistingServiceRegistration"));
                 expect(res.text).not.toMatch(
-                  `<input type="submit" value="${lang("removeRegistration")}">`
+                  `value="${lang("removeRegistration")}"`
                 );
               });
             });
@@ -440,14 +437,11 @@ describe("server", () => {
                   .send();
                 expect(res.status).toEqual(200);
                 expect(res.text).toMatch(
-                  `<input type="submit" value="${lang("register")}">`
+                  `<input type="submit" value="${lang("register")}" id="submit">`
                 );
-                expect(res.text).toMatch(`<h3>${lang("expectedConfig")}</h3>`);
+                expect(res.text).toContain(lang("existingServiceConfig"));
                 expect(res.text).toMatch(
-                  `<h3>${lang("existingServiceConfig")}</h3>`
-                );
-                expect(res.text).toMatch(
-                  `<input type="submit" value="${lang("removeRegistration")}">`
+                  `<input type="submit" value="${lang("removeRegistration")}" id="submit"`
                 );
               });
             });
@@ -632,13 +626,13 @@ describe("server", () => {
           expect(res.status).toEqual(200);
           expect(res.text).toMatch(`<title>${lang("login")}</title>`);
           expect(res.text).toMatch(
-            `<h1 class="login one-word-per-line">${lang("logInToBonob")}</h1>`
+            `<h1>${lang("logInToBonob")}</h1>`
           );
           expect(res.text).toMatch(
-            `<label for="username">${lang("username")}:</label>`
+            `<label for="username">${lang("username")}</label>`
           );
           expect(res.text).toMatch(
-            `<label for="password">${lang("password")}:</label>`
+            `<label for="password">${lang("password")}</label>`
           );
           expect(res.text).toMatch(
             `<input type="submit" value="${lang("login")}" id="submit">`

tests/smapi.test.ts

@@ -984,8 +984,8 @@ describe("wsdl api", () => {
                 });
                 expect(result[0]).toEqual(
                   searchResult({
-                    mediaCollection: tracks.map((it) =>
-                      album(bonobUrlWithAccessToken, it.album)
+                    mediaMetadata: tracks.map((it) =>
+                      track(bonobUrlWithAccessToken, it)
                     ),
                     index: 0,
                     total: 2,
@@ -1160,7 +1160,8 @@ describe("wsdl api", () => {
                       id: "playlists",
                       title: "Playlists",
                       albumArtURI: iconArtURI(bonobUrl, "playlists").href(),
-                      itemType: "playlist",
+                      itemType: "container",
+                      canEnumerate: true,
                       attributes: {
                         readOnly: "false",
                         renameable: "false",
@@ -1260,7 +1261,8 @@ describe("wsdl api", () => {
                       id: "playlists",
                       title: "Afspeellijsten",
                       albumArtURI: iconArtURI(bonobUrl, "playlists").href(),
-                      itemType: "playlist",
+                      itemType: "container",
+                      canEnumerate: true,
                       attributes: {
                         readOnly: "false",
                         renameable: "false",
@@ -1497,6 +1499,7 @@ describe("wsdl api", () => {
                           playlist
                         ).href(),
                         canPlay: true,
+                        canEnumerate: true,
                         attributes: {
                           readOnly: "false",
                           userContent: "false",
@@ -1529,6 +1532,7 @@ describe("wsdl api", () => {
                             playlist
                           ).href(),
                           canPlay: true,
+                          canEnumerate: true,
                           attributes: {
                             readOnly: "false",
                             userContent: "false",

tests/sqlite_smapi_token_store.test.ts

@@ -0,0 +1,234 @@
+import fs from "fs";
+import path from "path";
+import { SQLiteSmapiTokenStore } from "../src/sqlite_smapi_token_store";
+import { SmapiToken } from "../src/smapi_auth";
+import { JWTSmapiLoginTokens } from "../src/smapi_auth";
+import { SystemClock } from "../src/clock";
+
+describe("SQLiteSmapiTokenStore", () => {
+  const testDbPath = path.join(__dirname, "test-tokens.db");
+  const testJsonPath = path.join(__dirname, "test-tokens.json");
+  let tokenStore: SQLiteSmapiTokenStore;
+
+  beforeEach(() => {
+    // Clean up any existing test files
+    if (fs.existsSync(testDbPath)) {
+      fs.unlinkSync(testDbPath);
+    }
+    if (fs.existsSync(testJsonPath)) {
+      fs.unlinkSync(testJsonPath);
+    }
+    if (fs.existsSync(`${testJsonPath}.bak`)) {
+      fs.unlinkSync(`${testJsonPath}.bak`);
+    }
+
+    tokenStore = new SQLiteSmapiTokenStore(testDbPath);
+  });
+
+  afterEach(() => {
+    tokenStore.close();
+
+    // Clean up test files
+    if (fs.existsSync(testDbPath)) {
+      fs.unlinkSync(testDbPath);
+    }
+    if (fs.existsSync(testJsonPath)) {
+      fs.unlinkSync(testJsonPath);
+    }
+    if (fs.existsSync(`${testJsonPath}.bak`)) {
+      fs.unlinkSync(`${testJsonPath}.bak`);
+    }
+  });
+
+  describe("Database Initialization", () => {
+    it("should create database file on initialization", () => {
+      expect(fs.existsSync(testDbPath)).toBe(true);
+    });
+
+    it("should create parent directory if it doesn't exist", () => {
+      const nestedPath = path.join(__dirname, "nested", "dir", "tokens.db");
+      const nestedStore = new SQLiteSmapiTokenStore(nestedPath);
+
+      expect(fs.existsSync(nestedPath)).toBe(true);
+
+      nestedStore.close();
+      fs.unlinkSync(nestedPath);
+      fs.rmdirSync(path.dirname(nestedPath));
+      fs.rmdirSync(path.dirname(path.dirname(nestedPath)));
+    });
+  });
+
+  describe("Token Operations", () => {
+    const testToken: SmapiToken = {
+      token: "test-jwt-token",
+      key: "test-key-123",
+    };
+
+    it("should set and get a token", () => {
+      tokenStore.set("token1", testToken);
+      const retrieved = tokenStore.get("token1");
+
+      expect(retrieved).toEqual(testToken);
+    });
+
+    it("should return undefined for non-existent token", () => {
+      const retrieved = tokenStore.get("non-existent");
+      expect(retrieved).toBeUndefined();
+    });
+
+    it("should update existing token", () => {
+      tokenStore.set("token1", testToken);
+
+      const updatedToken: SmapiToken = {
+        token: "updated-jwt-token",
+        key: "updated-key-456",
+      };
+
+      tokenStore.set("token1", updatedToken);
+      const retrieved = tokenStore.get("token1");
+
+      expect(retrieved).toEqual(updatedToken);
+    });
+
+    it("should delete a token", () => {
+      tokenStore.set("token1", testToken);
+      tokenStore.delete("token1");
+      const retrieved = tokenStore.get("token1");
+
+      expect(retrieved).toBeUndefined();
+    });
+
+    it("should get all tokens", () => {
+      const token1: SmapiToken = { token: "jwt1", key: "key1" };
+      const token2: SmapiToken = { token: "jwt2", key: "key2" };
+      const token3: SmapiToken = { token: "jwt3", key: "key3" };
+
+      tokenStore.set("tokenKey1", token1);
+      tokenStore.set("tokenKey2", token2);
+      tokenStore.set("tokenKey3", token3);
+
+      const allTokens = tokenStore.getAll();
+
+      expect(Object.keys(allTokens).length).toBe(3);
+      expect(allTokens["tokenKey1"]).toEqual(token1);
+      expect(allTokens["tokenKey2"]).toEqual(token2);
+      expect(allTokens["tokenKey3"]).toEqual(token3);
+    });
+
+    it("should return empty object when no tokens exist", () => {
+      const allTokens = tokenStore.getAll();
+      expect(allTokens).toEqual({});
+    });
+  });
+
+  describe("Token Cleanup", () => {
+    it("should cleanup invalid tokens", () => {
+      const smapiAuthTokens = new JWTSmapiLoginTokens(SystemClock, "test-secret", "1h");
+
+      // Create valid tokens
+      const validToken1 = smapiAuthTokens.issue("service-token-1");
+      const validToken2 = smapiAuthTokens.issue("service-token-2");
+
+      // Create invalid token (wrong secret)
+      const invalidAuthTokens = new JWTSmapiLoginTokens(SystemClock, "different-secret", "1h");
+      const invalidToken = invalidAuthTokens.issue("service-token-3");
+
+      tokenStore.set("valid1", validToken1);
+      tokenStore.set("valid2", validToken2);
+      tokenStore.set("invalid", invalidToken);
+
+      // Clean up
+      const deletedCount = tokenStore.cleanupExpired(smapiAuthTokens);
+
+      expect(deletedCount).toBe(1);
+      expect(tokenStore.get("valid1")).toBeDefined();
+      expect(tokenStore.get("valid2")).toBeDefined();
+      expect(tokenStore.get("invalid")).toBeUndefined();
+    });
+
+    it("should not cleanup expired tokens that can be refreshed", () => {
+      // Note: This test would require mocking time to create an expired token
+      // For now, we just verify the function runs without error
+      const smapiAuthTokens = new JWTSmapiLoginTokens(SystemClock, "test-secret", "1h");
+      const validToken = smapiAuthTokens.issue("service-token-1");
+
+      tokenStore.set("token1", validToken);
+      const deletedCount = tokenStore.cleanupExpired(smapiAuthTokens);
+
+      expect(deletedCount).toBe(0);
+      expect(tokenStore.get("token1")).toBeDefined();
+    });
+  });
+
+  describe("JSON Migration", () => {
+    it("should migrate tokens from JSON file", () => {
+      const jsonTokens = {
+        token1: { token: "jwt1", key: "key1" },
+        token2: { token: "jwt2", key: "key2" },
+        token3: { token: "jwt3", key: "key3" },
+      };
+
+      fs.writeFileSync(testJsonPath, JSON.stringify(jsonTokens, null, 2), "utf8");
+
+      const migratedCount = tokenStore.migrateFromJSON(testJsonPath);
+
+      expect(migratedCount).toBe(3);
+      expect(tokenStore.get("token1")).toEqual(jsonTokens.token1);
+      expect(tokenStore.get("token2")).toEqual(jsonTokens.token2);
+      expect(tokenStore.get("token3")).toEqual(jsonTokens.token3);
+    });
+
+    it("should create backup of original JSON file", () => {
+      const jsonTokens = {
+        token1: { token: "jwt1", key: "key1" },
+      };
+
+      fs.writeFileSync(testJsonPath, JSON.stringify(jsonTokens, null, 2), "utf8");
+      tokenStore.migrateFromJSON(testJsonPath);
+
+      expect(fs.existsSync(`${testJsonPath}.bak`)).toBe(true);
+      expect(fs.existsSync(testJsonPath)).toBe(false);
+    });
+
+    it("should return 0 when JSON file does not exist", () => {
+      const migratedCount = tokenStore.migrateFromJSON(testJsonPath);
+      expect(migratedCount).toBe(0);
+    });
+
+    it("should handle empty JSON file", () => {
+      fs.writeFileSync(testJsonPath, JSON.stringify({}), "utf8");
+      const migratedCount = tokenStore.migrateFromJSON(testJsonPath);
+
+      expect(migratedCount).toBe(0);
+    });
+  });
+
+  describe("Persistence", () => {
+    it("should persist tokens across instances", () => {
+      const testToken: SmapiToken = { token: "jwt1", key: "key1" };
+
+      tokenStore.set("token1", testToken);
+      tokenStore.close();
+
+      // Create new instance with same database
+      const newStore = new SQLiteSmapiTokenStore(testDbPath);
+      const retrieved = newStore.get("token1");
+
+      expect(retrieved).toEqual(testToken);
+
+      newStore.close();
+    });
+  });
+
+  describe("Close", () => {
+    it("should close database connection without error", () => {
+      expect(() => tokenStore.close()).not.toThrow();
+    });
+
+    it("should handle multiple close calls gracefully", () => {
+      tokenStore.close();
+      // Second close should not throw
+      expect(() => tokenStore.close()).not.toThrow();
+    });
+  });
+});

web/views/failure.eta

@@ -1,6 +1,12 @@
 <% layout('./layout', { title: it.lang("failure") }) %>
 
 <div id="content">
-  <h1 class="failure"><%= it.message %></h1>
-  <h1 class="cause"><%= it.cause || "" %></h1>
+  <div class="message-container">
+    <div class="logo">✗</div>
+    <h1><%= it.message %></h1>
+    <% if (it.cause) { %>
+      <p style="color: #dc3545; margin-top: 15px;"><%= it.cause %></p>
+    <% } %>
+    <p style="color: #dc3545; font-weight: 600; margin-top: 10px;"><%= it.lang("failure") %></p>
+  </div>
 </div>

web/views/index.eta

@@ -1,45 +1,61 @@
 <% layout('./layout') %>
 
-<div id="content">
-  <div width="100%" style="text-align:right;color:grey"><%= it.version %></div>
-  <h1><%= it.bonobService.name %> (<%= it.bonobService.sid %>)</h1>
-  <h3><%= it.lang("expectedConfig") %></h3>
-  <div><%= JSON.stringify(it.bonobService) %></div>
-  <br/>
+<div id="content" class="index-content">
+  <div style="text-align:right;color:#999;font-size:0.85rem;margin-bottom:20px"><%= it.version %></div>
+  <div class="logo">🎵</div>
+  <h1><%= it.bonobService.name %></h1>
+  <p style="color:#999;margin-bottom:30px">Service ID: <%= it.bonobService.sid %></p>
+
   <% if(it.devices.length > 0) { %>
-  <form action="<%= it.createRegistrationRoute %>" method="POST">
-    <input type="submit" value="<%= it.lang("register") %>">
+  <form action="<%= it.createRegistrationRoute %>" method="POST" style="margin-bottom:30px">
+    <input type="submit" value="<%= it.lang("register") %>" id="submit">
   </form>
-  <br/>
   <% } else { %>
-  <h3><%= it.lang("noSonosDevices") %></h3>
-  <br/>
+  <p style="color:#dc3545;font-weight:600;margin:30px 0"><%= it.lang("noSonosDevices") %></p>
   <% } %>
 
   <% if(it.registeredBonobService) { %>
-    <h3><%= it.lang("existingServiceConfig") %></h3>
-    <div><%= JSON.stringify(it.registeredBonobService) %></div>
+    <div style="margin:20px 0;padding:15px;background:#f8f9fa;border-radius:8px">
+      <h3 style="font-size:1.1rem;margin-bottom:10px;color:#667eea"><%= it.lang("existingServiceConfig") %></h3>
+      <pre style="font-size:0.85rem;text-align:left;overflow-x:auto"><%= JSON.stringify(it.registeredBonobService, null, 2) %></pre>
+    </div>
   <% } else { %>
-    <h3><%= it.lang("noExistingServiceRegistration") %></h3>
+    <p style="color:#999;margin:20px 0"><%= it.lang("noExistingServiceRegistration") %></p>
   <% } %>
+
   <% if(it.registeredBonobService) { %>
-    <br/>
-    <form action="<%= it.removeRegistrationRoute %>" method="POST">
-      <input type="submit" value="<%= it.lang("removeRegistration") %>">
+    <form action="<%= it.removeRegistrationRoute %>" method="POST" style="margin:20px 0">
+      <input type="submit" value="<%= it.lang("removeRegistration") %>" id="submit" style="background:#dc3545">
     </form>
   <% } %>
 
-  <br/>
-  <h2><%= it.lang("devices") %> (<%= it.devices.length %>)</h2>
-  <ul>
-    <% it.devices.forEach(function(d){ %>
-      <li><%= d.name %> (<%= d.ip %>:<%= d.port %>)</li>
-    <% }) %>
-  </ul>
-  <h2><%= it.lang("services") %> (<%= it.services.length %>)</h2>
-  <ul>
-    <% it.services.forEach(function(s){ %>
-      <li><%= s.name %> (<%= s.sid %>)</li>
-    <% }) %>
-  </ul>
+  <div style="margin-top:40px;padding-top:30px;border-top:2px solid #e0e0e0">
+    <h2 style="font-size:1.5rem;margin-bottom:15px"><%= it.lang("devices") %> (<%= it.devices.length %>)</h2>
+    <% if(it.devices.length > 0) { %>
+    <ul style="list-style:none;text-align:left;padding:0">
+      <% it.devices.forEach(function(d){ %>
+        <li style="padding:10px;margin:5px 0;background:#f8f9fa;border-radius:6px">
+          <strong><%= d.name %></strong> <span style="color:#999">(<%= d.ip %>:<%= d.port %>)</span>
+        </li>
+      <% }) %>
+    </ul>
+    <% } else { %>
+    <p style="color:#999">No devices found</p>
+    <% } %>
+  </div>
+
+  <div style="margin-top:30px">
+    <h2 style="font-size:1.5rem;margin-bottom:15px"><%= it.lang("services") %> (<%= it.services.length %>)</h2>
+    <% if(it.services.length > 0) { %>
+    <ul style="list-style:none;text-align:left;padding:0">
+      <% it.services.forEach(function(s){ %>
+        <li style="padding:10px;margin:5px 0;background:#f8f9fa;border-radius:6px">
+          <strong><%= s.name %></strong> <span style="color:#999">(SID: <%= s.sid %>)</span>
+        </li>
+      <% }) %>
+    </ul>
+    <% } else { %>
+    <p style="color:#999">No services registered</p>
+    <% } %>
+  </div>
 </div>

web/views/layout.eta

@@ -1,46 +1,189 @@
 <!DOCTYPE html>
 <html lang="en">
   <head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <title><%= it.title || "bonob" %></title>
     <style>
+* {
+  margin: 0;
+  padding: 0;
+  box-sizing: border-box;
+}
+
 body {
-  font-family: -apple-system,BlinkMacSystemFont,"Segoe UI","Roboto","Oxygen","Ubuntu","Cantarell","Fira Sans","Droid Sans","Helvetica Neue",sans-serif;
-}    
+  font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", "Roboto", "Oxygen", "Ubuntu", "Cantarell", "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif;
+  background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
+  min-height: 100vh;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  padding: 20px;
+}
 
 div#content {
-  margin: auto;
-  width: 60%;
+  background: white;
+  border-radius: 20px;
+  box-shadow: 0 20px 60px rgba(0, 0, 0, 0.3);
+  padding: 50px 40px;
+  max-width: 450px;
+  width: 100%;
+  animation: slideIn 0.5s ease-out;
+}
+
+@keyframes slideIn {
+  from {
+    opacity: 0;
+    transform: translateY(-30px);
+  }
+  to {
+    opacity: 1;
+    transform: translateY(0);
+  }
 }
 
 h1 {
-  font-size: 700%;
+  font-size: 2.5rem;
+  font-weight: 700;
+  color: #333;
+  text-align: center;
+  margin-bottom: 40px;
+  background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
+  -webkit-background-clip: text;
+  -webkit-text-fill-color: transparent;
+  background-clip: text;
+}
+
+form {
+  display: flex;
+  flex-direction: column;
+  gap: 25px;
+}
+
+.form-group {
+  display: flex;
+  flex-direction: column;
+  gap: 8px;
 }
 
 label {
-  font-size: 300%;
+  font-size: 0.95rem;
+  font-weight: 600;
+  color: #555;
+  margin-left: 5px;
 }
 
-input {
-  font-size: 300%;
-  width: 80%;
+input[type="text"],
+input[type="password"] {
+  width: 100%;
+  padding: 15px 20px;
+  font-size: 1rem;
+  border: 2px solid #e0e0e0;
+  border-radius: 12px;
+  transition: all 0.3s ease;
+  background: #f8f9fa;
+}
+
+input[type="text"]:focus,
+input[type="password"]:focus {
+  outline: none;
+  border-color: #667eea;
+  background: white;
+  box-shadow: 0 0 0 4px rgba(102, 126, 234, 0.1);
+  transform: translateY(-2px);
 }
 
 input#submit {
-  margin-top: 100px
+  width: 100%;
+  padding: 16px;
+  font-size: 1.1rem;
+  font-weight: 600;
+  color: white;
+  background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
+  border: none;
+  border-radius: 12px;
+  cursor: pointer;
+  transition: all 0.3s ease;
+  margin-top: 10px;
+  box-shadow: 0 4px 15px rgba(102, 126, 234, 0.4);
 }
 
-.one-word-per-line {
-    word-spacing: 100000px; 
+input#submit:hover {
+  transform: translateY(-2px);
+  box-shadow: 0 6px 20px rgba(102, 126, 234, 0.5);
 }
 
-.login{
-    width: min-intrinsic;
-    width: -webkit-min-content;
-    width: -moz-min-content;
-    width: min-content;
-    display: table-caption;
-    display: -ms-grid;
-    -ms-grid-columns: min-content;
+input#submit:active {
+  transform: translateY(0);
+}
+
+.logo {
+  text-align: center;
+  margin-bottom: 20px;
+  font-size: 3rem;
+  opacity: 0.9;
+}
+
+/* Success and failure page styles */
+.message-container {
+  text-align: center;
+  padding: 20px 0;
+}
+
+.message-container h1 {
+  font-size: 2rem;
+  margin-bottom: 20px;
+}
+
+.message-container p {
+  font-size: 1.1rem;
+  color: #666;
+  line-height: 1.6;
+}
+
+/* Index page styles */
+.index-content {
+  text-align: center;
+}
+
+.index-content h1 {
+  font-size: 2.5rem;
+  margin-bottom: 20px;
+}
+
+.index-content p {
+  font-size: 1.1rem;
+  color: #666;
+  line-height: 1.8;
+  margin-bottom: 15px;
+}
+
+.index-content a {
+  color: #667eea;
+  text-decoration: none;
+  font-weight: 600;
+  transition: color 0.3s ease;
+}
+
+.index-content a:hover {
+  color: #764ba2;
+  text-decoration: underline;
+}
+
+/* Responsive design */
+@media (max-width: 500px) {
+  div#content {
+    padding: 40px 30px;
+  }
+
+  h1 {
+    font-size: 2rem;
+  }
+
+  input[type="text"],
+  input[type="password"] {
+    padding: 12px 16px;
+  }
 }
     </style>
   </head>

web/views/login.eta

@@ -1,12 +1,17 @@
 <% layout('./layout', { title: it.lang("login") }) %>
 
 <div id="content">
-  <h1 class="login one-word-per-line"><%= it.lang("logInToBonob") %></h1>
+  <div class="logo">🎵</div>
+  <h1><%= it.lang("logInToBonob") %></h1>
   <form action="<%= it.loginRoute %>" method="POST">
-    <label for="username"><%= it.lang("username") %>:</label><br>
-    <input type="text" id="username" name="username"><br><br>
-    <label for="password"><%= it.lang("password") %>:</label><br>
-    <input type="password" id="password" name="password"><br>
+    <div class="form-group">
+      <label for="username"><%= it.lang("username") %></label>
+      <input type="text" id="username" name="username" required autofocus>
+    </div>
+    <div class="form-group">
+      <label for="password"><%= it.lang("password") %></label>
+      <input type="password" id="password" name="password" required>
+    </div>
     <input type="hidden" name="linkCode" value="<%= it.linkCode %>">
     <input type="submit" value="<%= it.lang("login") %>" id="submit">
   </form>

web/views/success.eta

@@ -1,5 +1,9 @@
 <% layout('./layout', { title: it.lang("success") }) %>
 
 <div id="content">
-  <h1 class="success"><%= it.message %></h1>
+  <div class="message-container">
+    <div class="logo">✓</div>
+    <h1><%= it.message %></h1>
+    <p style="color: #28a745; font-weight: 600; margin-top: 10px;"><%= it.lang("success") %></p>
+  </div>
 </div>