Update version to 1.9.11

Improve build.sh

.github/workflows/build.yml

@@ -124,7 +124,7 @@ jobs:
         uses: docker/metadata-action@v5
         with:
           images: |
-            ${{ github.repository }}
+            name=${{ github.repository }},enable=${{ github.event.repository.fork == false }}
             ghcr.io/${{ github.repository }}
           tags: |
             type=ref,event=branch
@@ -138,14 +138,14 @@ jobs:
         uses: docker/setup-buildx-action@v3
 
       - name: Login to DockerHub
-        if: github.event_name != 'pull_request'
+        if: github.event_name == 'push' && github.event.repository.fork == false
         uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Login to GitHub Container Registry
-        if: github.event_name != 'pull_request'
+        if: github.event_name == 'push'
         uses: docker/login-action@v3
         with:
           registry: ghcr.io
@@ -181,7 +181,7 @@ jobs:
         uses: docker/metadata-action@v5
         with:
           images: |
-            ${{ github.repository }}
+            name=${{ github.repository }},enable=${{ github.event.repository.fork == false }}
             ghcr.io/${{ github.repository }}
           flavor: |
             suffix=-hardware,onlatest=true
@@ -198,14 +198,14 @@ jobs:
         uses: docker/setup-buildx-action@v3
 
       - name: Login to DockerHub
-        if: github.event_name != 'pull_request'
+        if: github.event_name == 'push' && github.event.repository.fork == false
         uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
-      
+
       - name: Login to GitHub Container Registry
-        if: github.event_name != 'pull_request'
+        if: github.event_name == 'push'
         uses: docker/login-action@v3
         with:
           registry: ghcr.io
@@ -236,7 +236,7 @@ jobs:
         uses: docker/metadata-action@v5
         with:
           images: |
-            ${{ github.repository }}
+            name=${{ github.repository }},enable=${{ github.event.repository.fork == false }}
             ghcr.io/${{ github.repository }}
           flavor: |
             suffix=-rockchip,onlatest=true
@@ -253,14 +253,14 @@ jobs:
         uses: docker/setup-buildx-action@v3
 
       - name: Login to DockerHub
-        if: github.event_name != 'pull_request'
+        if: github.event_name == 'push' && github.event.repository.fork == false
         uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Login to GitHub Container Registry
-        if: github.event_name != 'pull_request'
+        if: github.event_name == 'push'
         uses: docker/login-action@v3
         with:
           registry: ghcr.io

.gitignore

@@ -9,6 +9,9 @@ go2rtc_linux*
 go2rtc_mac*
 go2rtc_win*
 
+/go2rtc
+/go2rtc.exe
+
 0_test.go
 
 .DS_Store

README.md

@@ -26,7 +26,6 @@ Ultimate camera streaming application with support for RTSP, WebRTC, HomeKit, FF
    - mixing tracks from different sources to single stream
    - auto-match client-supported codecs
    - [2-way audio](#two-way-audio) for some cameras
-- streaming from private networks via [ngrok](#module-ngrok)
 - can be [integrated to](#module-api) any smart home platform or be used as [standalone app](#go2rtc-binary)
 
 **Inspired by:**
@@ -39,6 +38,9 @@ Ultimate camera streaming application with support for RTSP, WebRTC, HomeKit, FF
 - HomeKit Accessory Protocol from [@brutella](https://github.com/brutella/hap)
 - creator of the project's logo [@v_novoseltsev](https://www.instagram.com/v_novoseltsev) 
 
+> [!CAUTION]
+> There is NO existing website for go2rtc project other than this GitHub repository. The website go2rtc[.]com is in no way associated with the authors of this project.
+
 ---
 
 * [Fast start](#fast-start)
@@ -69,12 +71,14 @@ Ultimate camera streaming application with support for RTSP, WebRTC, HomeKit, FF
     * [Source: Hass](#source-hass)
     * [Source: ISAPI](#source-isapi)
     * [Source: Nest](#source-nest)
+    * [Source: Ring](#source-ring)
     * [Source: Roborock](#source-roborock)
     * [Source: WebRTC](#source-webrtc)
     * [Source: WebTorrent](#source-webtorrent)
     * [Incoming sources](#incoming-sources)
     * [Stream to camera](#stream-to-camera)
     * [Publish stream](#publish-stream)
+    * [Preload stream](#preload-stream)
   * [Module: API](#module-api)
   * [Module: RTSP](#module-rtsp)
   * [Module: RTMP](#module-rtmp)
@@ -133,7 +137,7 @@ Don't forget to fix the rights `chmod +x go2rtc_xxx_xxx` on Linux and Mac.
 
 ### go2rtc: Docker
 
-The Docker container [`alexxit/go2rtc`](https://hub.docker.com/r/alexxit/go2rtc) supports multiple architectures including `amd64`, `386`, `arm64`, and `arm`. This container offers the same functionality as the [Home Assistant Add-on](#go2rtc-home-assistant-add-on) but is designed to operate independently of Home Assistant. It comes preinstalled with [FFmpeg](#source-ffmpeg), [ngrok](#module-ngrok), and [Python](#source-echo).
+The Docker container [`alexxit/go2rtc`](https://hub.docker.com/r/alexxit/go2rtc) supports multiple architectures including `amd64`, `386`, `arm64`, and `arm`. This container offers the same functionality as the [Home Assistant Add-on](#go2rtc-home-assistant-add-on) but is designed to operate independently of Home Assistant. It comes preinstalled with [FFmpeg](#source-ffmpeg) and [Python](#source-echo).
 
 ### go2rtc: Home Assistant Add-on
 
@@ -199,6 +203,7 @@ Available source types:
 - [bubble](#source-bubble) - streaming from ESeeCloud/dvr163 NVR
 - [dvrip](#source-dvrip) - streaming from DVR-IP NVR
 - [tapo](#source-tapo) - TP-Link Tapo cameras with [two way audio](#two-way-audio) support
+- [ring](#source-ring) - Ring cameras with [two way audio](#two-way-audio) support
 - [kasa](#source-tapo) - TP-Link Kasa cameras
 - [gopro](#source-gopro) - GoPro cameras
 - [ivideon](#source-ivideon) - public cameras from [Ivideon](https://tv.ivideon.com/) service
@@ -220,6 +225,7 @@ Supported sources:
 - [Hikvision ISAPI](#source-isapi) cameras
 - [Roborock vacuums](#source-roborock) models with cameras
 - [Exec](#source-exec) audio on server
+- [Ring](#source-ring) cameras
 - [Any Browser](#incoming-browser) as IP-camera
 
 Two-way audio can be used in browser with [WebRTC](#module-webrtc) technology. The browser will give access to the microphone only for HTTPS sites ([read more](https://stackoverflow.com/questions/52759992/how-to-access-camera-and-microphone-in-chrome-without-https)).
@@ -646,6 +652,16 @@ streams:
   nest-doorbell: nest:?client_id=***&client_secret=***&refresh_token=***&project_id=***&device_id=***
 ```
 
+#### Source: Ring
+
+This source type support Ring cameras with [two way audio](#two-way-audio) support. If you have a `refresh_token` and `device_id` - you can use it in `go2rtc.yaml` config file. Otherwise, you can use the go2rtc interface and add your ring account (WebUI > Add > Ring). Once added, it will list all your Ring cameras.
+
+```yaml
+streams:
+  ring: ring:?device_id=XXX&refresh_token=XXX
+  ring_snapshot: ring:?device_id=XXX&refresh_token=XXX&snapshot
+```
+
 #### Source: Roborock
 
 *[New in v1.3.0](https://github.com/AlexxIT/go2rtc/releases/tag/v1.3.0)*
@@ -688,7 +704,7 @@ Supports [Amazon Kinesis Video Streams](https://aws.amazon.com/kinesis/video-str
 
 **switchbot**
 
-Support connection to [SwitchBot](https://us.switch-bot.com/) cameras that are based on Kinesis Video Streams. Specifically, this includes [Pan/Tilt Cam Plus 2K](https://us.switch-bot.com/pages/switchbot-pan-tilt-cam-plus-2k) and [Pan/Tilt Cam Plus 3K](https://us.switch-bot.com/pages/switchbot-pan-tilt-cam-plus-3k). `Outdoor Spotlight Cam 1080P`, `Outdoor Spotlight Cam 2K`, `Pan/Tilt Cam`, `Pan/Tilt Cam 2K`, `Indoor Cam` are based on Tuya, so this feature is not available.
+Support connection to [SwitchBot](https://us.switch-bot.com/) cameras that are based on Kinesis Video Streams. Specifically, this includes [Pan/Tilt Cam Plus 2K](https://us.switch-bot.com/pages/switchbot-pan-tilt-cam-plus-2k) and [Pan/Tilt Cam Plus 3K](https://us.switch-bot.com/pages/switchbot-pan-tilt-cam-plus-3k) and [Smart Video Doorbell](https://www.switchbot.jp/products/switchbot-smart-video-doorbell). `Outdoor Spotlight Cam 1080P`, `Outdoor Spotlight Cam 2K`, `Pan/Tilt Cam`, `Pan/Tilt Cam 2K`, `Indoor Cam` are based on Tuya, so this feature is not available.
 
 ```yaml
 streams:
@@ -697,7 +713,7 @@ streams:
   webrtc-openipc:   webrtc:ws://192.168.1.123/webrtc_ws#format=openipc#ice_servers=[{"urls":"stun:stun.kinesisvideo.eu-north-1.amazonaws.com:443"}]
   webrtc-wyze:      webrtc:http://192.168.1.123:5000/signaling/camera1?kvs#format=wyze
   webrtc-kinesis:   webrtc:wss://...amazonaws.com/?...#format=kinesis#client_id=...#ice_servers=[{...},{...}]
-  webrtc-switchbot: webrtc:wss://...amazonaws.com/?...#format=switchbot#resolution=hd#client_id=...#ice_servers=[{...},{...}]
+  webrtc-switchbot: webrtc:wss://...amazonaws.com/?...#format=switchbot#resolution=hd#play_type=0#client_id=...#ice_servers=[{...},{...}]
 ```
 
 **PS.** For `kinesis` sources, you can use [echo](#source-echo) to get connection params using `bash`, `python` or any other script language.
@@ -822,6 +838,26 @@ streams:
 - **Telegram Desktop App** > Any public or private channel or group (where you admin) > Live stream > Start with... > Start streaming.
 - **YouTube** > Create > Go live > Stream latency: Ultra low-latency > Copy: Stream URL + Stream key.
 
+### Preload stream
+
+You can preload any stream on go2rtc start. This is useful for cameras that take a long time to start up.
+
+```yaml
+preload:
+  camera1:                                     # default: video&audio = ANY
+  camera2: "video"                             # preload only video track
+  camera3: "video=h264&audio=opus"             # preload H264 video and OPUS audio
+
+streams:
+  camera1: 
+    - rtsp://192.168.1.100/stream
+  camera2: 
+    - rtsp://192.168.1.101/stream  
+  camera3: 
+    - rtsp://192.168.1.102/h265stream
+    - ffmpeg:camera3#video=h264#audio=opus#hardware
+```
+
 ### Module: API
 
 The HTTP API is the main part for interacting with the application. Default address: `http://localhost:1984/`.
@@ -940,15 +976,6 @@ webrtc:
     - stun:8555  # if you have a dynamic public IP address
 ```
 
-**Private IP**
-
-- setup integration with [ngrok service](#module-ngrok)
-
-```yaml
-ngrok:
-  command: ...
-```
-
 **Hard tech way 1. Own TCP-tunnel**
 
 If you have a personal [VPS](https://en.wikipedia.org/wiki/Virtual_private_server), you can create a TCP tunnel and setup in the same way as "Static public IP". But use your VPS IP address in the YAML config.
@@ -1046,63 +1073,9 @@ webtorrent:
 
 Link example: https://alexxit.github.io/go2rtc/#share=02SNtgjKXY&pwd=wznEQqznxW&media=video+audio
 
-TODO: article on how it works...
-
 ### Module: ngrok
 
-With ngrok integration, you can get external access to your streams in situations when you have Internet with a private IP address.
-
-- ngrok is pre-installed for **Docker** and **Hass add-on** users
-- you may need external access for two different things:
-  - WebRTC stream, so you need a tunnel WebRTC TCP port (ex. 8555)
-  - go2rtc web interface, so you need a tunnel API HTTP port (ex. 1984)
-- ngrok supports authorization for your web interface
-- ngrok automatically adds HTTPS to your web interface
-
-The ngrok free subscription has the following limitations:
-
-- You can reserve a free domain for serving the web interface, but the TCP address you get will always be random and change with each restart of the ngrok agent (not a problem for WebRTC stream)
-- You can forward multiple ports from a single agent, but you can only run one ngrok agent on the free plan
-
-go2rtc will automatically get your external TCP address (if you enable it in ngrok config) and use it with WebRTC connection (if you enable it in webrtc config).
-
-You need to manually download the [ngrok agent app](https://ngrok.com/download) for your OS and register with the [ngrok service](https://ngrok.com/signup).
-
-**Tunnel for only WebRTC Stream**
-
-You need to add your [ngrok authtoken](https://dashboard.ngrok.com/get-started/your-authtoken) and WebRTC TCP port to YAML:
-
-```yaml
-ngrok:
-  command: ngrok tcp 8555 --authtoken eW91IHNoYWxsIG5vdCBwYXNzCnlvdSBzaGFsbCBub3QgcGFzcw
-```
-
-**Tunnel for WebRTC and Web interface**
-
-You need to create `ngrok.yaml` config file and add it to the go2rtc config:
-
-```yaml
-ngrok:
-  command: ngrok start --all --config ngrok.yaml
-```
-
-ngrok config example:
-
-```yaml
-version: "2"
-authtoken: eW91IHNoYWxsIG5vdCBwYXNzCnlvdSBzaGFsbCBub3QgcGFzcw
-tunnels:
-  api:
-    addr: 1984  # use the same port as in the go2rtc config
-    proto: http
-    basic_auth:
-      - admin:password  # you can set login/pass for your web interface
-  webrtc:
-    addr: 8555  # use the same port as in the go2rtc config
-    proto: tcp
-```
-
-See the [ngrok agent documentation](https://ngrok.com/docs/agent/config/) for more details on the ngrok configuration file.
+With [ngrok](https://ngrok.com/) integration, you can get external access to your streams in situations when you have Internet with a private IP address ([read more](https://github.com/AlexxIT/go2rtc/blob/master/internal/ngrok/README.md)).
 
 ### Module: Hass
 
@@ -1221,7 +1194,6 @@ log:
   level: info  # default level
   api: trace
   exec: debug
-  ngrok: info
   rtsp: warn
   streams: error
   webrtc: fatal
@@ -1249,7 +1221,7 @@ webrtc:
 - external access to WebRTC TCP port is not a problem, because it is used only for transmitting encrypted media data
   - anyway you need to open this port to your local network and to the Internet for WebRTC to work
 
-If you need web interface protection without the Home Assistant add-on, you need to use a reverse proxy, like [Nginx](https://nginx.org/), [Caddy](https://caddyserver.com/), [ngrok](https://ngrok.com/), etc.
+If you need web interface protection without the Home Assistant add-on, you need to use a reverse proxy, like [Nginx](https://nginx.org/), [Caddy](https://caddyserver.com/), etc.
 
 PS. Additionally, WebRTC will try to use the 8555 UDP port to transmit encrypted media. It works without problems on the local network, and sometimes also works for external access, even if you haven't opened this port on your router ([read more](https://en.wikipedia.org/wiki/UDP_hole_punching)). But for stable external WebRTC access, you need to open the 8555 port on your router for both TCP and UDP.
 

api/openapi.yaml

@@ -237,6 +237,54 @@ paths:
 
 
 
+  /api/preload:
+    put:
+      summary: Preload new stream
+      tags: [ Streams list ]
+      parameters:
+        - name: src
+          in: query
+          description: Stream source (name)
+          required: true
+          schema: { type: string }
+          example: "camera1"
+        - name: video
+          in: query
+          description: Video codecs filter
+          required: false
+          schema: { type: string }
+          example: all,h264,h265,...
+        - name: audio
+          in: query
+          description: Audio codecs filter
+          required: false
+          schema: { type: string }
+          example: all,aac,opus,...
+        - name: microphone
+          in: query
+          description: Microphone codecs filter
+          required: false
+          schema: { type: string }
+          example: all,aac,opus,...
+      responses:
+            default:
+              description: Default response
+    delete:
+      summary: Delete preloaded stream
+      tags: [ Streams list ]
+      parameters:
+        - name: src
+          in: query
+          description: Stream source (name)
+          required: true
+          schema: { type: string }
+          example: "camera1"
+      responses:
+            default:
+              description: Default response
+
+
+
   /api/streams?src={src}:
     get:
       summary: Get stream info in JSON format

docker/Dockerfile

@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:labs
 
 # 0. Prepare images
-ARG PYTHON_VERSION="3.11"
+ARG PYTHON_VERSION="3.13"
 ARG GO_VERSION="1.25"
 
 

go.mod

@@ -1,28 +1,28 @@
 module github.com/AlexxIT/go2rtc
 
-go 1.23.0
+go 1.24.0
 
 require (
 	github.com/asticode/go-astits v1.13.0
-	github.com/expr-lang/expr v1.17.5
+	github.com/expr-lang/expr v1.17.6
 	github.com/google/uuid v1.6.0
 	github.com/gorilla/websocket v1.5.3
 	github.com/mattn/go-isatty v0.0.20
-	github.com/miekg/dns v1.1.66
+	github.com/miekg/dns v1.1.68
 	github.com/pion/ice/v4 v4.0.10
-	github.com/pion/interceptor v0.1.40
-	github.com/pion/rtcp v1.2.15
-	github.com/pion/rtp v1.8.20
-	github.com/pion/sdp/v3 v3.0.14
-	github.com/pion/srtp/v3 v3.0.6
+	github.com/pion/interceptor v0.1.41
+	github.com/pion/rtcp v1.2.16
+	github.com/pion/rtp v1.8.24
+	github.com/pion/sdp/v3 v3.0.16
+	github.com/pion/srtp/v3 v3.0.8
 	github.com/pion/stun/v3 v3.0.0
-	github.com/pion/webrtc/v4 v4.1.3
+	github.com/pion/webrtc/v4 v4.1.6
 	github.com/rs/zerolog v1.34.0
 	github.com/sigurn/crc16 v0.0.0-20240131213347-83fcde1e29d1
 	github.com/sigurn/crc8 v0.0.0-20220107193325-2243fe600f9f
-	github.com/stretchr/testify v1.10.0
+	github.com/stretchr/testify v1.11.1
 	github.com/tadglines/go-pkgs v0.0.0-20210623144937-b983b20f54f9
-	golang.org/x/crypto v0.39.0
+	golang.org/x/crypto v0.43.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
@@ -32,18 +32,18 @@ require (
 	github.com/kr/pretty v0.3.1 // indirect
 	github.com/mattn/go-colorable v0.1.14 // indirect
 	github.com/pion/datachannel v1.5.10 // indirect
-	github.com/pion/dtls/v3 v3.0.6 // indirect
+	github.com/pion/dtls/v3 v3.0.7 // indirect
 	github.com/pion/logging v0.2.4 // indirect
 	github.com/pion/mdns/v2 v2.0.7 // indirect
 	github.com/pion/randutil v0.1.0 // indirect
-	github.com/pion/sctp v1.8.39 // indirect
-	github.com/pion/transport/v3 v3.0.7 // indirect
-	github.com/pion/turn/v4 v4.0.2 // indirect
+	github.com/pion/sctp v1.8.40 // indirect
+	github.com/pion/transport/v3 v3.0.8 // indirect
+	github.com/pion/turn/v4 v4.1.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/wlynxg/anet v0.0.5 // indirect
-	golang.org/x/mod v0.25.0 // indirect
-	golang.org/x/net v0.41.0 // indirect
-	golang.org/x/sync v0.15.0 // indirect
-	golang.org/x/sys v0.33.0 // indirect
-	golang.org/x/tools v0.34.0 // indirect
+	golang.org/x/mod v0.29.0 // indirect
+	golang.org/x/net v0.46.0 // indirect
+	golang.org/x/sync v0.17.0 // indirect
+	golang.org/x/sys v0.37.0 // indirect
+	golang.org/x/tools v0.38.0 // indirect
 )

go.sum

@@ -14,6 +14,8 @@ github.com/expr-lang/expr v1.17.2 h1:o0A99O/Px+/DTjEnQiodAgOIK9PPxL8DtXhBRKC+Iso
 github.com/expr-lang/expr v1.17.2/go.mod h1:8/vRC7+7HBzESEqt5kKpYXxrxkr31SaO8r40VO/1IT4=
 github.com/expr-lang/expr v1.17.5 h1:i1WrMvcdLF249nSNlpQZN1S6NXuW9WaOfF5tPi3aw3k=
 github.com/expr-lang/expr v1.17.5/go.mod h1:8/vRC7+7HBzESEqt5kKpYXxrxkr31SaO8r40VO/1IT4=
+github.com/expr-lang/expr v1.17.6 h1:1h6i8ONk9cexhDmowO/A64VPxHScu7qfSl2k8OlINec=
+github.com/expr-lang/expr v1.17.6/go.mod h1:8/vRC7+7HBzESEqt5kKpYXxrxkr31SaO8r40VO/1IT4=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
@@ -34,10 +36,14 @@ github.com/miekg/dns v1.1.63 h1:8M5aAw6OMZfFXTT7K5V0Eu5YiiL8l7nUAkyN6C9YwaY=
 github.com/miekg/dns v1.1.63/go.mod h1:6NGHfjhpmr5lt3XPLuyfDJi5AXbNIPM9PY6H6sF1Nfs=
 github.com/miekg/dns v1.1.66 h1:FeZXOS3VCVsKnEAd+wBkjMC3D2K+ww66Cq3VnCINuJE=
 github.com/miekg/dns v1.1.66/go.mod h1:jGFzBsSNbJw6z1HYut1RKBKHA9PBdxeHrZG8J+gC2WE=
+github.com/miekg/dns v1.1.68 h1:jsSRkNozw7G/mnmXULynzMNIsgY2dHC8LO6U6Ij2JEA=
+github.com/miekg/dns v1.1.68/go.mod h1:fujopn7TB3Pu3JM69XaawiU0wqjpL9/8xGop5UrTPps=
 github.com/pion/datachannel v1.5.10 h1:ly0Q26K1i6ZkGf42W7D4hQYR90pZwzFOjTq5AuCKk4o=
 github.com/pion/datachannel v1.5.10/go.mod h1:p/jJfC9arb29W7WrxyKbepTU20CFgyx5oLo8Rs4Py/M=
 github.com/pion/dtls/v3 v3.0.6 h1:7Hkd8WhAJNbRgq9RgdNh1aaWlZlGpYTzdqjy9x9sK2E=
 github.com/pion/dtls/v3 v3.0.6/go.mod h1:iJxNQ3Uhn1NZWOMWlLxEEHAN5yX7GyPvvKw04v9bzYU=
+github.com/pion/dtls/v3 v3.0.7 h1:bItXtTYYhZwkPFk4t1n3Kkf5TDrfj6+4wG+CZR8uI9Q=
+github.com/pion/dtls/v3 v3.0.7/go.mod h1:uDlH5VPrgOQIw59irKYkMudSFprY9IEFCqz/eTz16f8=
 github.com/pion/ice/v4 v4.0.9 h1:VKgU4MwA2LUDVLq+WBkpEHTcAb8c5iCvFMECeuPOZNk=
 github.com/pion/ice/v4 v4.0.9/go.mod h1:y3M18aPhIxLlcO/4dn9X8LzLLSma84cx6emMSu14FGw=
 github.com/pion/ice/v4 v4.0.10 h1:P59w1iauC/wPk9PdY8Vjl4fOFL5B+USq1+xbDcN6gT4=
@@ -46,6 +52,8 @@ github.com/pion/interceptor v0.1.37 h1:aRA8Zpab/wE7/c0O3fh1PqY0AJI3fCSEM5lRWJVor
 github.com/pion/interceptor v0.1.37/go.mod h1:JzxbJ4umVTlZAf+/utHzNesY8tmRkM2lVmkS82TTj8Y=
 github.com/pion/interceptor v0.1.40 h1:e0BjnPcGpr2CFQgKhrQisBU7V3GXK6wrfYrGYaU6Jq4=
 github.com/pion/interceptor v0.1.40/go.mod h1:Z6kqH7M/FYirg3frjGJ21VLSRJGBXB/KqaTIrdqnOic=
+github.com/pion/interceptor v0.1.41 h1:NpvX3HgWIukTf2yTBVjVGFXtpSpWgXjqz7IIpu7NsOw=
+github.com/pion/interceptor v0.1.41/go.mod h1:nEt4187unvRXJFyjiw00GKo+kIuXMWQI9K89fsosDLY=
 github.com/pion/logging v0.2.3 h1:gHuf0zpoh1GW67Nr6Gj4cv5Z9ZscU7g/EaoC/Ke/igI=
 github.com/pion/logging v0.2.3/go.mod h1:z8YfknkquMe1csOrxK5kc+5/ZPAzMxbKLX5aXpbpC90=
 github.com/pion/logging v0.2.4 h1:tTew+7cmQ+Mc1pTBLKH2puKsOvhm32dROumOZ655zB8=
@@ -56,34 +64,50 @@ github.com/pion/randutil v0.1.0 h1:CFG1UdESneORglEsnimhUjf33Rwjubwj6xfiOXBa3mA=
 github.com/pion/randutil v0.1.0/go.mod h1:XcJrSMMbbMRhASFVOlj/5hQial/Y8oH/HVo7TBZq+j8=
 github.com/pion/rtcp v1.2.15 h1:LZQi2JbdipLOj4eBjK4wlVoQWfrZbh3Q6eHtWtJBZBo=
 github.com/pion/rtcp v1.2.15/go.mod h1:jlGuAjHMEXwMUHK78RgX0UmEJFV4zUKOFHR7OP+D3D0=
+github.com/pion/rtcp v1.2.16 h1:fk1B1dNW4hsI78XUCljZJlC4kZOPk67mNRuQ0fcEkSo=
+github.com/pion/rtcp v1.2.16/go.mod h1:/as7VKfYbs5NIb4h6muQ35kQF/J0ZVNz2Z3xKoCBYOo=
 github.com/pion/rtp v1.8.13 h1:8uSUPpjSL4OlwZI8Ygqu7+h2p9NPFB+yAZ461Xn5sNg=
 github.com/pion/rtp v1.8.13/go.mod h1:8uMBJj32Pa1wwx8Fuv/AsFhn8jsgw+3rUC2PfoBZ8p4=
 github.com/pion/rtp v1.8.20 h1:8zcyqohadZE8FCBeGdyEvHiclPIezcwRQH9zfapFyYI=
 github.com/pion/rtp v1.8.20/go.mod h1:bAu2UFKScgzyFqvUKmbvzSdPr+NGbZtv6UB2hesqXBk=
+github.com/pion/rtp v1.8.24 h1:+ICyZXUQDv95EsHN70RrA4XKJf5MGWyC6QQc1u6/ynI=
+github.com/pion/rtp v1.8.24/go.mod h1:rF5nS1GqbR7H/TCpKwylzeq6yDM+MM6k+On5EgeThEM=
 github.com/pion/sctp v1.8.37 h1:ZDmGPtRPX9mKCiVXtMbTWybFw3z/hVKAZgU81wcOrqs=
 github.com/pion/sctp v1.8.37/go.mod h1:cNiLdchXra8fHQwmIoqw0MbLLMs+f7uQ+dGMG2gWebE=
 github.com/pion/sctp v1.8.39 h1:PJma40vRHa3UTO3C4MyeJDQ+KIobVYRZQZ0Nt7SjQnE=
 github.com/pion/sctp v1.8.39/go.mod h1:cNiLdchXra8fHQwmIoqw0MbLLMs+f7uQ+dGMG2gWebE=
+github.com/pion/sctp v1.8.40 h1:bqbgWYOrUhsYItEnRObUYZuzvOMsVplS3oNgzedBlG8=
+github.com/pion/sctp v1.8.40/go.mod h1:SPBBUENXE6ThkEksN5ZavfAhFYll+h+66ZiG6IZQuzo=
 github.com/pion/sdp/v3 v3.0.11 h1:VhgVSopdsBKwhCFoyyPmT1fKMeV9nLMrEKxNOdy3IVI=
 github.com/pion/sdp/v3 v3.0.11/go.mod h1:88GMahN5xnScv1hIMTqLdu/cOcUkj6a9ytbncwMCq2E=
 github.com/pion/sdp/v3 v3.0.14 h1:1h7gBr9FhOWH5GjWWY5lcw/U85MtdcibTyt/o6RxRUI=
 github.com/pion/sdp/v3 v3.0.14/go.mod h1:88GMahN5xnScv1hIMTqLdu/cOcUkj6a9ytbncwMCq2E=
+github.com/pion/sdp/v3 v3.0.16 h1:0dKzYO6gTAvuLaAKQkC02eCPjMIi4NuAr/ibAwrGDCo=
+github.com/pion/sdp/v3 v3.0.16/go.mod h1:9tyKzznud3qiweZcD86kS0ff1pGYB3VX+Bcsmkx6IXo=
 github.com/pion/srtp/v3 v3.0.4 h1:2Z6vDVxzrX3UHEgrUyIGM4rRouoC7v+NiF1IHtp9B5M=
 github.com/pion/srtp/v3 v3.0.4/go.mod h1:1Jx3FwDoxpRaTh1oRV8A/6G1BnFL+QI82eK4ms8EEJQ=
 github.com/pion/srtp/v3 v3.0.6 h1:E2gyj1f5X10sB/qILUGIkL4C2CqK269Xq167PbGCc/4=
 github.com/pion/srtp/v3 v3.0.6/go.mod h1:BxvziG3v/armJHAaJ87euvkhHqWe9I7iiOy50K2QkhY=
+github.com/pion/srtp/v3 v3.0.8 h1:RjRrjcIeQsilPzxvdaElN0CpuQZdMvcl9VZ5UY9suUM=
+github.com/pion/srtp/v3 v3.0.8/go.mod h1:2Sq6YnDH7/UDCvkSoHSDNDeyBcFgWL0sAVycVbAsXFg=
 github.com/pion/stun/v3 v3.0.0 h1:4h1gwhWLWuZWOJIJR9s2ferRO+W3zA/b6ijOI6mKzUw=
 github.com/pion/stun/v3 v3.0.0/go.mod h1:HvCN8txt8mwi4FBvS3EmDghW6aQJ24T+y+1TKjB5jyU=
 github.com/pion/transport/v3 v3.0.7 h1:iRbMH05BzSNwhILHoBoAPxoB9xQgOaJk+591KC9P1o0=
 github.com/pion/transport/v3 v3.0.7/go.mod h1:YleKiTZ4vqNxVwh77Z0zytYi7rXHl7j6uPLGhhz9rwo=
+github.com/pion/transport/v3 v3.0.8 h1:oI3myyYnTKUSTthu/NZZ8eu2I5sHbxbUNNFW62olaYc=
+github.com/pion/transport/v3 v3.0.8/go.mod h1:+c2eewC5WJQHiAA46fkMMzoYZSuGzA/7E2FPrOYHctQ=
 github.com/pion/turn/v4 v4.0.0 h1:qxplo3Rxa9Yg1xXDxxH8xaqcyGUtbHYw4QSCvmFWvhM=
 github.com/pion/turn/v4 v4.0.0/go.mod h1:MuPDkm15nYSklKpN8vWJ9W2M0PlyQZqYt1McGuxG7mA=
 github.com/pion/turn/v4 v4.0.2 h1:ZqgQ3+MjP32ug30xAbD6Mn+/K4Sxi3SdNOTFf+7mpps=
 github.com/pion/turn/v4 v4.0.2/go.mod h1:pMMKP/ieNAG/fN5cZiN4SDuyKsXtNTr0ccN7IToA1zs=
+github.com/pion/turn/v4 v4.1.1 h1:9UnY2HB99tpDyz3cVVZguSxcqkJ1DsTSZ+8TGruh4fc=
+github.com/pion/turn/v4 v4.1.1/go.mod h1:2123tHk1O++vmjI5VSD0awT50NywDAq5A2NNNU4Jjs8=
 github.com/pion/webrtc/v4 v4.0.14 h1:nyds/sFRR+HvmWoBa6wrL46sSfpArE0qR883MBW96lg=
 github.com/pion/webrtc/v4 v4.0.14/go.mod h1:R3+qTnQTS03UzwDarYecgioNf7DYgTsldxnCXB821Kk=
 github.com/pion/webrtc/v4 v4.1.3 h1:YZ67Boj9X/hk190jJZ8+HFGQ6DqSZ/fYP3sLAZv7c3c=
 github.com/pion/webrtc/v4 v4.1.3/go.mod h1:rsq+zQ82ryfR9vbb0L1umPJ6Ogq7zm8mcn9fcGnxomM=
+github.com/pion/webrtc/v4 v4.1.6 h1:srHH2HwvCGwPba25EYJgUzgLqCQoXl1VCUnrGQMSzUw=
+github.com/pion/webrtc/v4 v4.1.6/go.mod h1:wKecGRlkl3ox/As/MYghJL+b/cVXMEhoPMJWPuGQFhU=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/profile v1.4.0/go.mod h1:NWz/XGvpEW1FyYQ7fCx4dqYBLlfTcE+A9FLAkNKqjFE=
@@ -102,6 +126,8 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
 github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
+github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
 github.com/tadglines/go-pkgs v0.0.0-20210623144937-b983b20f54f9 h1:aeN+ghOV0b2VCmKKO3gqnDQ8mLbpABZgRR2FVYx4ouI=
 github.com/tadglines/go-pkgs v0.0.0-20210623144937-b983b20f54f9/go.mod h1:roo6cZ/uqpwKMuvPG0YmzI5+AmUiMWfjCBZpGXqbTxE=
 github.com/wlynxg/anet v0.0.5 h1:J3VJGi1gvo0JwZ/P1/Yc/8p63SoW98B5dHkYDmpgvvU=
@@ -110,18 +136,26 @@ golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus=
 golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M=
 golang.org/x/crypto v0.39.0 h1:SHs+kF4LP+f+p14esP5jAoDpHU8Gu/v9lFRK6IT5imM=
 golang.org/x/crypto v0.39.0/go.mod h1:L+Xg3Wf6HoL4Bn4238Z6ft6KfEpN0tJGo53AAPC632U=
+golang.org/x/crypto v0.43.0 h1:dduJYIi3A3KOfdGOHX8AVZ/jGiyPa3IbBozJ5kNuE04=
+golang.org/x/crypto v0.43.0/go.mod h1:BFbav4mRNlXJL4wNeejLpWxB7wMbc79PdRGhWKncxR0=
 golang.org/x/mod v0.20.0 h1:utOm6MM3R3dnawAiJgn0y+xvuYRsm1RKM/4giyfDgV0=
 golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/mod v0.25.0 h1:n7a+ZbQKQA/Ysbyb0/6IbB1H/X41mKgbhfv7AfG/44w=
 golang.org/x/mod v0.25.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
+golang.org/x/mod v0.29.0 h1:HV8lRxZC4l2cr3Zq1LvtOsi/ThTgWnUk/y64QSs8GwA=
+golang.org/x/mod v0.29.0/go.mod h1:NyhrlYXJ2H4eJiRy/WDBO6HMqZQ6q9nk4JzS3NuCK+w=
 golang.org/x/net v0.35.0 h1:T5GQRQb2y08kTAByq9L4/bz8cipCdA8FbRTXewonqY8=
 golang.org/x/net v0.35.0/go.mod h1:EglIi67kWsHKlRzzVMUD93VMSWGFOMSZgxFjparz1Qk=
 golang.org/x/net v0.41.0 h1:vBTly1HeNPEn3wtREYfy4GZ/NECgw2Cnl+nK6Nz3uvw=
 golang.org/x/net v0.41.0/go.mod h1:B/K4NNqkfmg07DQYrbwvSluqCJOOXwUjeb/5lOisjbA=
+golang.org/x/net v0.46.0 h1:giFlY12I07fugqwPuWJi68oOnpfqFnJIJzaIIm2JVV4=
+golang.org/x/net v0.46.0/go.mod h1:Q9BGdFy1y4nkUwiLvT5qtyhAnEHgnQ/zd8PfU6nc210=
 golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w=
 golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.15.0 h1:KWH3jNZsfyT6xfAfKiz6MRNmd46ByHDYaZ7KSkCtdW8=
 golang.org/x/sync v0.15.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug=
+golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -129,10 +163,14 @@ golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
 golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
 golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/sys v0.37.0 h1:fdNQudmxPjkdUTPnLn5mdQv7Zwvbvpaxqs831goi9kQ=
+golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24=
 golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ=
 golang.org/x/tools v0.34.0 h1:qIpSLOxeCYGg9TrcJokLBG4KFA6d795g0xkBkiESGlo=
 golang.org/x/tools v0.34.0/go.mod h1:pAP9OwEaY1CAW3HOmg3hLZC5Z0CCmzjAF2UQMSqNARg=
+golang.org/x/tools v0.38.0 h1:Hx2Xv8hISq8Lm16jvBZ2VQf+RLmbd7wVUsALibYI/IQ=
+golang.org/x/tools v0.38.0/go.mod h1:yEsQ/d/YK8cjh0L6rZlY8tgtlKiBNTL14pGDJPJpYQs=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=

internal/app/config.go

@@ -7,7 +7,7 @@ import (
 	"strings"
 	"sync"
 
-	"github.com/AlexxIT/go2rtc/pkg/shell"
+	"github.com/AlexxIT/go2rtc/pkg/creds"
 	"github.com/AlexxIT/go2rtc/pkg/yaml"
 )
 
@@ -71,13 +71,15 @@ func initConfig(confs flagConfig) {
 			// config as file
 			if ConfigPath == "" {
 				ConfigPath = conf
+				initStorage()
 			}
 
 			if data, _ = os.ReadFile(conf); data == nil {
 				continue
 			}
 
-			data = []byte(shell.ReplaceEnvVars(string(data)))
+			loadEnv(data)
+			data = creds.ReplaceVars(data)
 			configs = append(configs, data)
 		}
 	}

internal/app/log.go

@@ -6,6 +6,7 @@ import (
 	"strings"
 	"sync"
 
+	"github.com/AlexxIT/go2rtc/pkg/creds"
 	"github.com/mattn/go-isatty"
 	"github.com/rs/zerolog"
 )
@@ -88,6 +89,8 @@ func initLogger() {
 		writer = MemoryLog
 	}
 
+	writer = creds.SecretWriter(writer)
+
 	lvl, _ := zerolog.ParseLevel(modules["level"])
 	Logger = zerolog.New(writer).Level(lvl)
 

internal/app/storage.go

@@ -0,0 +1,56 @@
+package app
+
+import (
+	"sync"
+
+	"github.com/AlexxIT/go2rtc/pkg/creds"
+	"github.com/AlexxIT/go2rtc/pkg/yaml"
+)
+
+func initStorage() {
+	storage = &envStorage{data: make(map[string]string)}
+	creds.SetStorage(storage)
+}
+
+func loadEnv(data []byte) {
+	var cfg struct {
+		Env map[string]string `yaml:"env"`
+	}
+
+	if err := yaml.Unmarshal(data, &cfg); err != nil {
+		return
+	}
+
+	storage.mu.Lock()
+	for name, value := range cfg.Env {
+		storage.data[name] = value
+		creds.AddSecret(value)
+	}
+	storage.mu.Unlock()
+}
+
+var storage *envStorage
+
+type envStorage struct {
+	data map[string]string
+	mu   sync.Mutex
+}
+
+func (s *envStorage) SetValue(name, value string) error {
+	if err := PatchConfig([]string{"env", name}, value); err != nil {
+		return err
+	}
+
+	s.mu.Lock()
+	s.data[name] = value
+	s.mu.Unlock()
+
+	return nil
+}
+
+func (s *envStorage) GetValue(name string) (value string, ok bool) {
+	s.mu.Lock()
+	value, ok = s.data[name]
+	s.mu.Unlock()
+	return
+}

internal/debug/stack.go

@@ -29,8 +29,8 @@ var stackSkip = [][]byte{
 	[]byte("created by github.com/AlexxIT/go2rtc/internal/homekit.Init"),
 
 	// webrtc/api.go
-	[]byte("created by github.com/pion/ice/v2.NewTCPMuxDefault"),
-	[]byte("created by github.com/pion/ice/v2.NewUDPMuxDefault"),
+	[]byte("created by github.com/pion/ice/v4.NewTCPMuxDefault"),
+	[]byte("created by github.com/pion/ice/v4.NewUDPMuxDefault"),
 }
 
 func stackHandler(w http.ResponseWriter, r *http.Request) {

internal/ffmpeg/ffmpeg.go

@@ -80,7 +80,7 @@ var defaults = map[string]string{
 	// `-profile high -level 4.1` - most used streaming profile
 	// `-pix_fmt:v yuv420p` - important for Telegram
 	"h264":  "-c:v libx264 -g 50 -profile:v high -level:v 4.1 -preset:v superfast -tune:v zerolatency -pix_fmt:v yuv420p",
-	"h265":  "-c:v libx265 -g 50 -profile:v main -level:v 5.1 -preset:v superfast -tune:v zerolatency -pix_fmt:v yuv420p",
+	"h265":  "-c:v libx265 -g 50 -profile:v main -x265-params level=5.1:high-tier=0 -preset:v superfast -tune:v zerolatency -pix_fmt:v yuv420p",
 	"mjpeg": "-c:v mjpeg",
 	//"mjpeg": "-c:v mjpeg -force_duplicated_matrix:v 1 -huffman:v 0 -pix_fmt:v yuvj420p",
 

internal/ngrok/README.md

@@ -0,0 +1,52 @@
+With ngrok integration, you can get external access to your streams in situations when you have Internet with a private IP address.
+
+- you may need external access for two different things:
+    - WebRTC stream, so you need a tunnel WebRTC TCP port (ex. 8555)
+    - go2rtc web interface, so you need a tunnel API HTTP port (ex. 1984)
+- ngrok supports authorization for your web interface
+- ngrok automatically adds HTTPS to your web interface
+
+The ngrok free subscription has the following limitations:
+
+- You can reserve a free domain for serving the web interface, but the TCP address you get will always be random and change with each restart of the ngrok agent (not a problem for WebRTC stream)
+- You can forward multiple ports from a single agent, but you can only run one ngrok agent on the free plan
+
+go2rtc will automatically get your external TCP address (if you enable it in ngrok config) and use it with WebRTC connection (if you enable it in webrtc config).
+
+You need to manually download the [ngrok agent app](https://ngrok.com/download) for your OS and register with the [ngrok service](https://ngrok.com/signup).
+
+**Tunnel for only WebRTC Stream**
+
+You need to add your [ngrok authtoken](https://dashboard.ngrok.com/get-started/your-authtoken) and WebRTC TCP port to YAML:
+
+```yaml
+ngrok:
+  command: ngrok tcp 8555 --authtoken eW91IHNoYWxsIG5vdCBwYXNzCnlvdSBzaGFsbCBub3QgcGFzcw
+```
+
+**Tunnel for WebRTC and Web interface**
+
+You need to create `ngrok.yaml` config file and add it to the go2rtc config:
+
+```yaml
+ngrok:
+  command: ngrok start --all --config ngrok.yaml
+```
+
+ngrok config example:
+
+```yaml
+version: "2"
+authtoken: eW91IHNoYWxsIG5vdCBwYXNzCnlvdSBzaGFsbCBub3QgcGFzcw
+tunnels:
+  api:
+    addr: 1984  # use the same port as in the go2rtc config
+    proto: http
+    basic_auth:
+      - admin:password  # you can set login/pass for your web interface
+  webrtc:
+    addr: 8555  # use the same port as in the go2rtc config
+    proto: tcp
+```
+
+See the [ngrok agent documentation](https://ngrok.com/docs/agent/config/) for more details on the ngrok configuration file.

internal/ring/ring.go

@@ -1,10 +1,11 @@
 package ring
 
 import (
-	"encoding/json"
 	"net/http"
 	"net/url"
 
+	"fmt"
+
 	"github.com/AlexxIT/go2rtc/internal/api"
 	"github.com/AlexxIT/go2rtc/internal/streams"
 	"github.com/AlexxIT/go2rtc/pkg/core"
@@ -21,8 +22,7 @@ func Init() {
 
 func apiRing(w http.ResponseWriter, r *http.Request) {
 	query := r.URL.Query()
-	var ringAPI *ring.RingRestClient
-	var err error
+	var ringAPI *ring.RingApi
 
 	// Check auth method
 	if email := query.Get("email"); email != "" {
@@ -30,7 +30,8 @@ func apiRing(w http.ResponseWriter, r *http.Request) {
 		password := query.Get("password")
 		code := query.Get("code")
 
-		ringAPI, err = ring.NewRingRestClient(ring.EmailAuth{
+		var err error
+		ringAPI, err = ring.NewRestClient(ring.EmailAuth{
 			Email:    email,
 			Password: password,
 		}, nil)
@@ -44,7 +45,7 @@ func apiRing(w http.ResponseWriter, r *http.Request) {
 		if _, err = ringAPI.GetAuth(code); err != nil {
 			if ringAPI.Using2FA {
 				// Return 2FA prompt
-				json.NewEncoder(w).Encode(map[string]interface{}{
+				api.ResponseJSON(w, map[string]interface{}{
 					"needs_2fa": true,
 					"prompt":    ringAPI.PromptFor2FA,
 				})
@@ -53,36 +54,39 @@ func apiRing(w http.ResponseWriter, r *http.Request) {
 			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
-	} else {
+	} else if refreshToken := query.Get("refresh_token"); refreshToken != "" {
 		// Refresh Token Flow
-		refreshToken := query.Get("refresh_token")
 		if refreshToken == "" {
 			http.Error(w, "either email/password or refresh_token is required", http.StatusBadRequest)
 			return
 		}
 
-		ringAPI, err = ring.NewRingRestClient(ring.RefreshTokenAuth{
+		var err error
+		ringAPI, err = ring.NewRestClient(ring.RefreshTokenAuth{
 			RefreshToken: refreshToken,
 		}, nil)
+
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
+	} else {
+		http.Error(w, "either email/password or refresh token is required", http.StatusBadRequest)
+		return
 	}
 
-	// Fetch devices
 	devices, err := ringAPI.FetchRingDevices()
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusInternalServerError)
 		return
 	}
 
-	// Create clean query with only required parameters
 	cleanQuery := url.Values{}
 	cleanQuery.Set("refresh_token", ringAPI.RefreshToken)
 
 	var items []*api.Source
 	for _, camera := range devices.AllCameras {
+		cleanQuery.Set("camera_id", fmt.Sprint(camera.ID))
 		cleanQuery.Set("device_id", camera.DeviceID)
 
 		// Stream source

internal/streams/api.go

@@ -5,10 +5,14 @@ import (
 
 	"github.com/AlexxIT/go2rtc/internal/api"
 	"github.com/AlexxIT/go2rtc/internal/app"
+	"github.com/AlexxIT/go2rtc/pkg/core"
+	"github.com/AlexxIT/go2rtc/pkg/creds"
 	"github.com/AlexxIT/go2rtc/pkg/probe"
 )
 
 func apiStreams(w http.ResponseWriter, r *http.Request) {
+	w = creds.SecretResponse(w)
+
 	query := r.URL.Query()
 	src := query.Get("src")
 
@@ -27,7 +31,7 @@ func apiStreams(w http.ResponseWriter, r *http.Request) {
 			return
 		}
 
-		cons := probe.NewProbe(query)
+		cons := probe.Create("probe", query)
 		if len(cons.Medias) != 0 {
 			cons.WithRequest(r)
 			if err := stream.AddConsumer(cons); err != nil {
@@ -120,5 +124,55 @@ func apiStreamsDOT(w http.ResponseWriter, r *http.Request) {
 	}
 	dot = append(dot, '}')
 
+	dot = []byte(creds.SecretString(string(dot)))
+
 	api.Response(w, dot, "text/vnd.graphviz")
 }
+
+func apiPreload(w http.ResponseWriter, r *http.Request) {
+	query := r.URL.Query()
+	src := query.Get("src")
+
+	// check if stream exists
+	stream := Get(src)
+	if stream == nil {
+		http.Error(w, "", http.StatusNotFound)
+		return
+	}
+
+	switch r.Method {
+	case "PUT":
+		// it's safe to delete from map while iterating
+		for k := range query {
+			switch k {
+			case core.KindVideo, core.KindAudio, "microphone":
+			default:
+				delete(query, k)
+			}
+		}
+
+		rawQuery := query.Encode()
+
+		if err := AddPreload(stream, rawQuery); err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		if err := app.PatchConfig([]string{"preload", src}, rawQuery); err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+		}
+
+	case "DELETE":
+		if err := DelPreload(stream); err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		if err := app.PatchConfig([]string{"preload", src}, nil); err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+		}
+
+	default:
+		http.Error(w, "", http.StatusMethodNotAllowed)
+	}
+}

internal/streams/preload.go

@@ -0,0 +1,58 @@
+package streams
+
+import (
+	"errors"
+	"net/url"
+	"sync"
+
+	"github.com/AlexxIT/go2rtc/pkg/probe"
+)
+
+var preloads = map[*Stream]*probe.Probe{}
+var preloadsMu sync.Mutex
+
+func Preload(stream *Stream, rawQuery string) {
+	if err := AddPreload(stream, rawQuery); err != nil {
+		log.Error().Err(err).Caller().Send()
+	}
+}
+
+func AddPreload(stream *Stream, rawQuery string) error {
+	if rawQuery == "" {
+		rawQuery = "video&audio"
+	}
+
+	query, err := url.ParseQuery(rawQuery)
+	if err != nil {
+		return err
+	}
+
+	preloadsMu.Lock()
+	defer preloadsMu.Unlock()
+
+	if cons := preloads[stream]; cons != nil {
+		stream.RemoveConsumer(cons)
+	}
+
+	cons := probe.Create("preload", query)
+
+	if err = stream.AddConsumer(cons); err != nil {
+		return err
+	}
+
+	preloads[stream] = cons
+	return nil
+}
+
+func DelPreload(stream *Stream) error {
+	preloadsMu.Lock()
+	defer preloadsMu.Unlock()
+
+	if cons := preloads[stream]; cons != nil {
+		stream.RemoveConsumer(cons)
+		delete(preloads, stream)
+		return nil
+	}
+
+	return errors.New("streams: preload not found")
+}

internal/streams/streams.go

@@ -14,8 +14,9 @@ import (
 
 func Init() {
 	var cfg struct {
-		Streams map[string]any `yaml:"streams"`
-		Publish map[string]any `yaml:"publish"`
+		Streams map[string]any    `yaml:"streams"`
+		Publish map[string]any    `yaml:"publish"`
+		Preload map[string]string `yaml:"preload"`
 	}
 
 	app.LoadConfig(&cfg)
@@ -28,17 +29,24 @@ func Init() {
 
 	api.HandleFunc("api/streams", apiStreams)
 	api.HandleFunc("api/streams.dot", apiStreamsDOT)
+	api.HandleFunc("api/preload", apiPreload)
 
-	if cfg.Publish == nil {
+	if cfg.Publish == nil && cfg.Preload == nil {
 		return
 	}
 
 	time.AfterFunc(time.Second, func() {
+		// range for nil map is OK
 		for name, dst := range cfg.Publish {
 			if stream := Get(name); stream != nil {
 				Publish(stream, dst)
 			}
 		}
+		for name, rawQuery := range cfg.Preload {
+			if stream := Get(name); stream != nil {
+				Preload(stream, rawQuery)
+			}
+		}
 	})
 }
 

internal/webrtc/switchbot.go

@@ -33,8 +33,12 @@ func switchbotClient(rawURL string, query url.Values) (core.Producer, error) {
 			v.Resolution = 0
 		case "sd":
 			v.Resolution = 1
+		case "auto":
+			v.Resolution = 2
 		}
 
+		v.PlayType = core.Atoi(query.Get("play_type")) // zero by default
+
 		return v, nil
 	})
 }

main.go

@@ -44,7 +44,7 @@ import (
 )
 
 func main() {
-	app.Version = "1.9.10"
+	app.Version = "1.9.11"
 
 	// 1. Core modules: app, api/ws, streams
 

pkg/creds/README.md

@@ -0,0 +1,7 @@
+# Credentials
+
+This module allows you to get variables:
+
+- from custom storage (ex. config file)
+- from [credential files](https://systemd.io/CREDENTIALS/)
+- from environment variables

pkg/creds/creds.go

@@ -0,0 +1,79 @@
+package creds
+
+import (
+	"errors"
+	"os"
+	"path/filepath"
+	"regexp"
+	"strings"
+)
+
+type Storage interface {
+	SetValue(name, value string) error
+	GetValue(name string) (string, bool)
+}
+
+var storage Storage
+
+func SetStorage(s Storage) {
+	storage = s
+}
+
+func SetValue(name, value string) error {
+	if storage == nil {
+		return errors.New("credentials: storage not initialized")
+	}
+	if err := storage.SetValue(name, value); err != nil {
+		return err
+	}
+	AddSecret(value)
+	return nil
+}
+
+func GetValue(name string) (value string, ok bool) {
+	value, ok = getValue(name)
+	AddSecret(value)
+	return
+}
+
+func getValue(name string) (string, bool) {
+	if storage != nil {
+		if value, ok := storage.GetValue(name); ok {
+			return value, true
+		}
+	}
+
+	if dir, ok := os.LookupEnv("CREDENTIALS_DIRECTORY"); ok {
+		if value, _ := os.ReadFile(filepath.Join(dir, name)); value != nil {
+			return strings.TrimSpace(string(value)), true
+		}
+	}
+
+	return os.LookupEnv(name)
+}
+
+// ReplaceVars - support format ${CAMERA_PASSWORD} and ${RTSP_USER:admin}
+func ReplaceVars(data []byte) []byte {
+	re := regexp.MustCompile(`\${([^}{]+)}`)
+	return re.ReplaceAllFunc(data, func(match []byte) []byte {
+		key := string(match[2 : len(match)-1])
+
+		var def string
+		var defok bool
+
+		if i := strings.IndexByte(key, ':'); i > 0 {
+			key, def = key[:i], key[i+1:]
+			defok = true
+		}
+
+		if value, ok := GetValue(key); ok {
+			return []byte(value)
+		}
+
+		if defok {
+			return []byte(def)
+		}
+
+		return match
+	})
+}

pkg/creds/secrets.go

@@ -0,0 +1,83 @@
+package creds
+
+import (
+	"io"
+	"net/http"
+	"slices"
+	"strings"
+	"sync"
+)
+
+func AddSecret(value string) {
+	if value == "" {
+		return
+	}
+
+	secretsMu.Lock()
+	defer secretsMu.Unlock()
+
+	if slices.Contains(secrets, value) {
+		return
+	}
+
+	secrets = append(secrets, value)
+	secretsReplacer = nil
+}
+
+var secrets []string
+var secretsMu sync.Mutex
+var secretsReplacer *strings.Replacer
+
+func getReplacer() *strings.Replacer {
+	secretsMu.Lock()
+	defer secretsMu.Unlock()
+
+	if secretsReplacer == nil {
+		oldnew := make([]string, 0, 2*len(secrets))
+		for _, s := range secrets {
+			oldnew = append(oldnew, s, "***")
+		}
+		secretsReplacer = strings.NewReplacer(oldnew...)
+	}
+
+	return secretsReplacer
+}
+
+func SecretString(s string) string {
+	re := getReplacer()
+	return re.Replace(s)
+}
+
+func SecretWriter(w io.Writer) io.Writer {
+	return &secretWriter{w}
+}
+
+type secretWriter struct {
+	w io.Writer
+}
+
+func (s *secretWriter) Write(b []byte) (int, error) {
+	re := getReplacer()
+	return re.WriteString(s.w, string(b))
+}
+
+type secretResponse struct {
+	w http.ResponseWriter
+}
+
+func (s *secretResponse) Header() http.Header {
+	return s.w.Header()
+}
+
+func (s *secretResponse) Write(b []byte) (int, error) {
+	re := getReplacer()
+	return re.WriteString(s.w, string(b))
+}
+
+func (s *secretResponse) WriteHeader(statusCode int) {
+	s.w.WriteHeader(statusCode)
+}
+
+func SecretResponse(w http.ResponseWriter) http.ResponseWriter {
+	return &secretResponse{w}
+}

pkg/creds/secrets_test.go

@@ -0,0 +1,15 @@
+package creds
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestString(t *testing.T) {
+	AddSecret("admin")
+	AddSecret("pa$$word")
+
+	s := SecretString("rtsp://admin:pa$$word@192.168.1.123/stream1")
+	require.Equal(t, "rtsp://***:***@192.168.1.123/stream1", s)
+}

pkg/doorbird/backchannel.go

@@ -88,6 +88,8 @@ func (c *Client) AddTrack(media *core.Media, codec *core.Codec, track *core.Rece
 }
 
 func (c *Client) Start() (err error) {
-	_, err = c.conn.Read(nil)
+	// just block until c.conn closed
+	b := make([]byte, 1)
+	_, err = c.conn.Read(b)
 	return
 }

pkg/h265/rtp.go

@@ -9,11 +9,12 @@ import (
 )
 
 func RTPDepay(codec *core.Codec, handler core.HandlerFunc) core.HandlerFunc {
-	//vps, sps, pps := GetParameterSet(codec.FmtpLine)
-	//ps := h264.EncodeAVC(vps, sps, pps)
+	vps, sps, pps := GetParameterSet(codec.FmtpLine)
+	ps := h264.JoinNALU(vps, sps, pps)
 
 	buf := make([]byte, 0, 512*1024) // 512K
 	var nuStart int
+	var seqNum uint16
 
 	return func(packet *rtp.Packet) {
 		data := packet.Payload
@@ -34,28 +35,55 @@ func RTPDepay(codec *core.Codec, handler core.HandlerFunc) core.HandlerFunc {
 			}
 		}
 
+		// when we collect data into one buffer, we need to make sure
+		// that all of it falls into the same sequence
+		if len(buf) > 0 && packet.SequenceNumber-seqNum != 1 {
+			//log.Printf("broken H265 sequence")
+			buf = buf[:0] // drop data
+			return
+		}
+
+		seqNum = packet.SequenceNumber
+
 		if nuType == NALUTypeFU {
 			switch data[2] >> 6 {
-			case 2: // begin
+			case 0b10: // begin
 				nuType = data[2] & 0x3F
 
 				// push PS data before keyframe
-				//if len(buf) == 0 && nuType >= 19 && nuType <= 21 {
-				//	buf = append(buf, ps...)
-				//}
+				if len(buf) == 0 && nuType >= 19 && nuType <= 21 {
+					buf = append(buf, ps...)
+				}
 
 				nuStart = len(buf)
 				buf = append(buf, 0, 0, 0, 0) // NAL unit size
 				buf = append(buf, (data[0]&0x81)|(nuType<<1), data[1])
 				buf = append(buf, data[3:]...)
 				return
-			case 0: // continue
+			case 0b00: // continue
+				if len(buf) == 0 {
+					//log.Printf("broken H265 fragment")
+					return
+				}
+
 				buf = append(buf, data[3:]...)
 				return
-			case 1: // end
+			case 0b01: // end
+				if len(buf) == 0 {
+					//log.Printf("broken H265 fragment")
+					return
+				}
+
 				buf = append(buf, data[3:]...)
+
+				if nuStart > len(buf)+4 {
+					//log.Printf("broken H265 fragment")
+					buf = buf[:0] // drop data
+					return
+				}
+
 				binary.BigEndian.PutUint32(buf[nuStart:], uint32(len(buf)-nuStart-4))
-			case 3: // wrong RFC 7798 realisation from OpenIPC project
+			case 0b11: // wrong RFC 7798 realisation from OpenIPC project
 				// A non-fragmented NAL unit MUST NOT be transmitted in one FU; i.e.,
 				// the Start bit and End bit must not both be set to 1 in the same FU
 				// header.
@@ -65,10 +93,8 @@ func RTPDepay(codec *core.Codec, handler core.HandlerFunc) core.HandlerFunc {
 				buf = append(buf, data[3:]...)
 			}
 		} else {
-			nuStart = len(buf)
-			buf = append(buf, 0, 0, 0, 0) // NAL unit size
+			buf = binary.BigEndian.AppendUint32(buf, uint32(len(data))) // NAL unit size
 			buf = append(buf, data...)
-			binary.BigEndian.PutUint32(buf[nuStart:], uint32(len(data)))
 		}
 
 		// collect all NAL Units for Access Unit

pkg/onvif/client.go

@@ -3,9 +3,10 @@ package onvif
 import (
 	"bytes"
 	"errors"
+	"fmt"
 	"html"
 	"io"
-	"net/http"
+	"net"
 	"net/url"
 	"regexp"
 	"strings"
@@ -43,7 +44,14 @@ func NewClient(rawURL string) (*Client, error) {
 	}
 
 	client.mediaURL = FindTagValue(b, "Media.+?XAddr")
+	if client.mediaURL == "" {
+		client.mediaURL = baseURL + "/onvif/media_service"
+	}
+
 	client.imaginURL = FindTagValue(b, "Imaging.+?XAddr")
+	if client.imaginURL == "" {
+		client.imaginURL = baseURL + "/onvif/imaging_service"
+	}
 
 	return client, nil
 }
@@ -175,26 +183,62 @@ func (c *Client) MediaRequest(operation string) ([]byte, error) {
 	return c.Request(c.mediaURL, operation)
 }
 
-func (c *Client) Request(url, body string) ([]byte, error) {
-	if url == "" {
+func (c *Client) Request(rawUrl, body string) ([]byte, error) {
+	if rawUrl == "" {
 		return nil, errors.New("onvif: unsupported service")
 	}
 
 	e := NewEnvelopeWithUser(c.url.User)
 	e.Append(body)
 
-	client := &http.Client{Timeout: time.Second * 5000}
-	res, err := client.Post(url, `application/soap+xml;charset=utf-8`, bytes.NewReader(e.Bytes()))
+	u, err := url.Parse(rawUrl)
 	if err != nil {
 		return nil, err
 	}
 
-	// need to close body with eny response status
-	b, err := io.ReadAll(res.Body)
-
-	if err == nil && res.StatusCode != http.StatusOK {
-		err = errors.New("onvif: " + res.Status + " for " + url)
+	host := u.Host
+	if u.Port() == "" {
+		host += ":80"
 	}
 
-	return b, err
+	conn, err := net.DialTimeout("tcp", host, 5*time.Second)
+	if err != nil {
+		return nil, err
+	}
+	defer conn.Close()
+
+	reqBody := e.Bytes()
+	rawReq := fmt.Appendf(nil, "POST %s HTTP/1.1\r\n"+
+		"Host: %s\r\n"+
+		"Content-Type: application/soap+xml;charset=utf-8\r\n"+
+		"Content-Length: %d\r\n"+
+		"Connection: close\r\n"+
+		"\r\n", u.Path, u.Host, len(reqBody))
+	rawReq = append(rawReq, reqBody...)
+
+	if _, err = conn.Write(rawReq); err != nil {
+		return nil, err
+	}
+
+	rawRes, err := io.ReadAll(conn)
+	if err != nil {
+		return nil, err
+	}
+
+	// Look for XML in complete response
+	if i := bytes.Index(rawRes, []byte("<?xml")); i > 0 {
+		return rawRes[i:], nil
+	}
+
+	// No XML found - might be an error response
+	if i := bytes.Index(rawRes, []byte("\r\n\r\n")); i > 0 {
+		if bytes.Contains(rawRes[:i], []byte("chunked")) {
+			return nil, errors.New("onvif: TODO: support chunked encoding")
+		}
+
+		// Return body after headers
+		return rawRes[i+4:], nil
+	}
+
+	return rawRes, nil
 }

pkg/probe/consumer.go

@@ -11,7 +11,7 @@ type Probe struct {
 	core.Connection
 }
 
-func NewProbe(query url.Values) *Probe {
+func Create(name string, query url.Values) *Probe {
 	medias := core.ParseQuery(query)
 
 	for _, value := range query["microphone"] {
@@ -32,39 +32,22 @@ func NewProbe(query url.Values) *Probe {
 	return &Probe{
 		Connection: core.Connection{
 			ID:         core.NewID(),
-			FormatName: "probe",
+			FormatName: name,
 			Medias:     medias,
 		},
 	}
 }
 
-func (p *Probe) GetMedias() []*core.Media {
-	return p.Medias
-}
-
 func (p *Probe) AddTrack(media *core.Media, codec *core.Codec, track *core.Receiver) error {
 	sender := core.NewSender(media, track.Codec)
-	sender.Bind(track)
+	sender.Handler = func(pkt *core.Packet) {
+		p.Send += len(pkt.Payload)
+	}
+	sender.HandleRTP(track)
 	p.Senders = append(p.Senders, sender)
 	return nil
 }
 
-func (p *Probe) GetTrack(media *core.Media, codec *core.Codec) (*core.Receiver, error) {
-	receiver := core.NewReceiver(media, codec)
-	p.Receivers = append(p.Receivers, receiver)
-	return receiver, nil
-}
-
 func (p *Probe) Start() error {
 	return nil
 }
-
-func (p *Probe) Stop() error {
-	for _, receiver := range p.Receivers {
-		receiver.Close()
-	}
-	for _, sender := range p.Senders {
-		sender.Close()
-	}
-	return nil
-}

pkg/ring/api.go

@@ -11,9 +11,13 @@ import (
 	"net/http"
 	"reflect"
 	"strings"
+	"sync"
 	"time"
 )
 
+var clientCache = map[string]*RingApi{}
+var cacheMutex sync.Mutex
+
 type RefreshTokenAuth struct {
 	RefreshToken string
 }
@@ -23,13 +27,11 @@ type EmailAuth struct {
 	Password string
 }
 
-// AuthConfig represents the decoded refresh token data
 type AuthConfig struct {
 	RT  string `json:"rt"`  // Refresh Token
 	HID string `json:"hid"` // Hardware ID
 }
 
-// AuthTokenResponse represents the response from the authentication endpoint
 type AuthTokenResponse struct {
 	AccessToken  string `json:"access_token"`
 	ExpiresIn    int    `json:"expires_in"`
@@ -46,41 +48,50 @@ type Auth2faResponse struct {
 	NextTimeInSecs   int    `json:"next_time_in_secs"`
 }
 
-// SocketTicketRequest represents the request to get a socket ticket
 type SocketTicketResponse struct {
 	Ticket            string `json:"ticket"`
 	ResponseTimestamp int64  `json:"response_timestamp"`
 }
 
-// RingRestClient handles authentication and requests to Ring API
-type RingRestClient struct {
+type SessionResponse struct {
+	Profile struct {
+		ID        int64  `json:"id"`
+		Email     string `json:"email"`
+		FirstName string `json:"first_name"`
+		LastName  string `json:"last_name"`
+	} `json:"profile"`
+}
+
+type RingApi struct {
 	httpClient     *http.Client
 	authConfig     *AuthConfig
 	hardwareID     string
 	authToken      *AuthTokenResponse
+	tokenExpiry    time.Time
 	Using2FA       bool
 	PromptFor2FA   string
 	RefreshToken   string
 	auth           interface{} // EmailAuth or RefreshTokenAuth
 	onTokenRefresh func(string)
+	authMutex      sync.Mutex
+	session        *SessionResponse
+	sessionExpiry  time.Time
+	sessionMutex   sync.Mutex
+	cacheKey       string
 }
 
-// CameraKind represents the different types of Ring cameras
 type CameraKind string
 
-// CameraData contains common fields for all camera types
 type CameraData struct {
-	ID          float64 `json:"id"`
-	Description string  `json:"description"`
-	DeviceID    string  `json:"device_id"`
-	Kind        string  `json:"kind"`
-	LocationID  string  `json:"location_id"`
+	ID          int    `json:"id"`
+	Description string `json:"description"`
+	DeviceID    string `json:"device_id"`
+	Kind        string `json:"kind"`
+	LocationID  string `json:"location_id"`
 }
 
-// RingDeviceType represents different types of Ring devices
 type RingDeviceType string
 
-// RingDevicesResponse represents the response from the Ring API
 type RingDevicesResponse struct {
 	Doorbots           []CameraData             `json:"doorbots"`
 	AuthorizedDoorbots []CameraData             `json:"authorized_doorbots"`
@@ -139,23 +150,49 @@ const (
 	apiVersion         = 11
 	defaultTimeout     = 20 * time.Second
 	maxRetries         = 3
+	sessionValidTime   = 12 * time.Hour
 )
 
-// NewRingRestClient creates a new Ring client instance
-func NewRingRestClient(auth interface{}, onTokenRefresh func(string)) (*RingRestClient, error) {
-	client := &RingRestClient{
-		httpClient:     &http.Client{Timeout: defaultTimeout},
-		onTokenRefresh: onTokenRefresh,
-		hardwareID:     generateHardwareID(),
-		auth:           auth,
-	}
+func NewRestClient(auth interface{}, onTokenRefresh func(string)) (*RingApi, error) {
+	var cacheKey string
 
+	// Create cache key based on auth data
 	switch a := auth.(type) {
 	case RefreshTokenAuth:
 		if a.RefreshToken == "" {
 			return nil, fmt.Errorf("refresh token is required")
 		}
+		cacheKey = "refresh:" + a.RefreshToken
+	case EmailAuth:
+		if a.Email == "" || a.Password == "" {
+			return nil, fmt.Errorf("email and password are required")
+		}
+		cacheKey = "email:" + a.Email + ":" + a.Password
+	default:
+		return nil, fmt.Errorf("invalid auth type")
+	}
 
+	cacheMutex.Lock()
+	defer cacheMutex.Unlock()
+
+	if cachedClient, ok := clientCache[cacheKey]; ok {
+		// Check if token is not nil and not expired
+		if cachedClient.authToken != nil && time.Now().Before(cachedClient.tokenExpiry) {
+			cachedClient.onTokenRefresh = onTokenRefresh
+			return cachedClient, nil
+		}
+	}
+
+	client := &RingApi{
+		httpClient:     &http.Client{Timeout: defaultTimeout},
+		onTokenRefresh: onTokenRefresh,
+		hardwareID:     generateHardwareID(),
+		auth:           auth,
+		cacheKey:       cacheKey,
+	}
+
+	switch a := auth.(type) {
+	case RefreshTokenAuth:
 		config, err := parseAuthConfig(a.RefreshToken)
 		if err != nil {
 			return nil, fmt.Errorf("failed to parse refresh token: %w", err)
@@ -164,160 +201,30 @@ func NewRingRestClient(auth interface{}, onTokenRefresh func(string)) (*RingRest
 		client.authConfig = config
 		client.hardwareID = config.HID
 		client.RefreshToken = a.RefreshToken
-	case EmailAuth:
-		if a.Email == "" || a.Password == "" {
-			return nil, fmt.Errorf("email and password are required")
-		}
-	default:
-		return nil, fmt.Errorf("invalid auth type")
 	}
 
+	clientCache[cacheKey] = client
+
 	return client, nil
 }
 
-// Request makes an authenticated request to the Ring API
-func (c *RingRestClient) Request(method, url string, body interface{}) ([]byte, error) {
-	// Ensure we have a valid auth token
-	if err := c.ensureAuth(); err != nil {
-		return nil, fmt.Errorf("authentication failed: %w", err)
-	}
-
-	var bodyReader io.Reader
-	if body != nil {
-		jsonBody, err := json.Marshal(body)
-		if err != nil {
-			return nil, fmt.Errorf("failed to marshal request body: %w", err)
-		}
-		bodyReader = bytes.NewReader(jsonBody)
-	}
-
-	// Create request
-	req, err := http.NewRequest(method, url, bodyReader)
-	if err != nil {
-		return nil, fmt.Errorf("failed to create request: %w", err)
-	}
-
-	// Set headers
-	req.Header.Set("Authorization", "Bearer "+c.authToken.AccessToken)
-	req.Header.Set("Content-Type", "application/json")
-	req.Header.Set("Accept", "application/json")
-	req.Header.Set("hardware_id", c.hardwareID)
-	req.Header.Set("User-Agent", "android:com.ringapp")
-
-	// Make request with retries
-	var resp *http.Response
-	var responseBody []byte
-
-	for attempt := 0; attempt <= maxRetries; attempt++ {
-		resp, err = c.httpClient.Do(req)
-		if err != nil {
-			if attempt == maxRetries {
-				return nil, fmt.Errorf("request failed after %d retries: %w", maxRetries, err)
-			}
-			time.Sleep(5 * time.Second)
-			continue
-		}
-		defer resp.Body.Close()
-
-		responseBody, err = io.ReadAll(resp.Body)
-		if err != nil {
-			return nil, fmt.Errorf("failed to read response body: %w", err)
-		}
-
-		// Handle 401 by refreshing auth and retrying
-		if resp.StatusCode == http.StatusUnauthorized {
-			c.authToken = nil // Force token refresh
-			if attempt == maxRetries {
-				return nil, fmt.Errorf("authentication failed after %d retries", maxRetries)
-			}
-			if err := c.ensureAuth(); err != nil {
-				return nil, fmt.Errorf("failed to refresh authentication: %w", err)
-			}
-			req.Header.Set("Authorization", "Bearer "+c.authToken.AccessToken)
-			continue
-		}
-
-		// Handle other error status codes
-		if resp.StatusCode >= 400 {
-			return nil, fmt.Errorf("request failed with status %d: %s", resp.StatusCode, string(responseBody))
-		}
-
-		break
-	}
-
-	return responseBody, nil
+func ClientAPI(path string) string {
+	return clientAPIBaseURL + path
 }
 
-// ensureAuth ensures we have a valid auth token
-func (c *RingRestClient) ensureAuth() error {
-	if c.authToken != nil {
-		return nil
-	}
-
-	var grantData = map[string]string{
-		"grant_type":    "refresh_token",
-		"refresh_token": c.authConfig.RT,
-	}
-
-	// Add common fields
-	grantData["client_id"] = "ring_official_android"
-	grantData["scope"] = "client"
-
-	// Make auth request
-	body, err := json.Marshal(grantData)
-	if err != nil {
-		return fmt.Errorf("failed to marshal auth request: %w", err)
-	}
-
-	req, err := http.NewRequest("POST", oauthURL, bytes.NewReader(body))
-	if err != nil {
-		return fmt.Errorf("failed to create auth request: %w", err)
-	}
-
-	req.Header.Set("Content-Type", "application/json")
-	req.Header.Set("Accept", "application/json")
-	req.Header.Set("hardware_id", c.hardwareID)
-	req.Header.Set("User-Agent", "android:com.ringapp")
-	req.Header.Set("2fa-support", "true")
-
-	resp, err := c.httpClient.Do(req)
-	if err != nil {
-		return fmt.Errorf("auth request failed: %w", err)
-	}
-	defer resp.Body.Close()
-
-	if resp.StatusCode == http.StatusPreconditionFailed {
-		return fmt.Errorf("2FA required. Please see documentation for handling 2FA")
-	}
-
-	if resp.StatusCode != http.StatusOK {
-		body, _ := io.ReadAll(resp.Body)
-		return fmt.Errorf("auth request failed with status %d: %s", resp.StatusCode, string(body))
-	}
-
-	var authResp AuthTokenResponse
-	if err := json.NewDecoder(resp.Body).Decode(&authResp); err != nil {
-		return fmt.Errorf("failed to decode auth response: %w", err)
-	}
-
-	// Update auth config and refresh token
-	c.authToken = &authResp
-	c.authConfig = &AuthConfig{
-		RT:  authResp.RefreshToken,
-		HID: c.hardwareID,
-	}
-
-	// Encode and notify about new refresh token
-	if c.onTokenRefresh != nil {
-		newRefreshToken := encodeAuthConfig(c.authConfig)
-		c.onTokenRefresh(newRefreshToken)
-	}
-
-	return nil
+func DeviceAPI(path string) string {
+	return deviceAPIBaseURL + path
 }
 
-// getAuth makes an authentication request to the Ring API
-func (c *RingRestClient) GetAuth(twoFactorAuthCode string) (*AuthTokenResponse, error) {
+func CommandsAPI(path string) string {
+	return commandsAPIBaseURL + path
+}
+
+func AppAPI(path string) string {
+	return appAPIBaseURL + path
+}
+
+func (c *RingApi) GetAuth(twoFactorAuthCode string) (*AuthTokenResponse, error) {
 	var grantData map[string]string
 
 	if c.authConfig != nil && twoFactorAuthCode == "" {
@@ -404,60 +311,30 @@ func (c *RingRestClient) GetAuth(twoFactorAuthCode string) (*AuthTokenResponse,
 		return nil, fmt.Errorf("failed to decode auth response: %w", err)
 	}
 
+	// Refresh token and expiry
 	c.authToken = &authResp
 	c.authConfig = &AuthConfig{
 		RT:  authResp.RefreshToken,
 		HID: c.hardwareID,
 	}
+	// Set token expiry (1 minute before actual expiry)
+	expiresIn := time.Duration(authResp.ExpiresIn-60) * time.Second
+	c.tokenExpiry = time.Now().Add(expiresIn)
 
 	c.RefreshToken = encodeAuthConfig(c.authConfig)
 	if c.onTokenRefresh != nil {
 		c.onTokenRefresh(c.RefreshToken)
 	}
 
+	// Refresh the cached client
+	cacheMutex.Lock()
+	clientCache[c.cacheKey] = c
+	cacheMutex.Unlock()
+
 	return c.authToken, nil
 }
 
-// Helper functions for auth config encoding/decoding
-func parseAuthConfig(refreshToken string) (*AuthConfig, error) {
-	decoded, err := base64.StdEncoding.DecodeString(refreshToken)
-	if err != nil {
-		return nil, err
-	}
-
-	var config AuthConfig
-	if err := json.Unmarshal(decoded, &config); err != nil {
-		// Handle legacy format where refresh token is the raw token
-		return &AuthConfig{RT: refreshToken}, nil
-	}
-
-	return &config, nil
-}
-
-func encodeAuthConfig(config *AuthConfig) string {
-	jsonBytes, _ := json.Marshal(config)
-	return base64.StdEncoding.EncodeToString(jsonBytes)
-}
-
-// API URL helpers
-func ClientAPI(path string) string {
-	return clientAPIBaseURL + path
-}
-
-func DeviceAPI(path string) string {
-	return deviceAPIBaseURL + path
-}
-
-func CommandsAPI(path string) string {
-	return commandsAPIBaseURL + path
-}
-
-func AppAPI(path string) string {
-	return appAPIBaseURL + path
-}
-
-// FetchRingDevices gets all Ring devices and categorizes them
-func (c *RingRestClient) FetchRingDevices() (*RingDevicesResponse, error) {
+func (c *RingApi) FetchRingDevices() (*RingDevicesResponse, error) {
 	response, err := c.Request("GET", ClientAPI("ring_devices"), nil)
 	if err != nil {
 		return nil, fmt.Errorf("failed to fetch ring devices: %w", err)
@@ -509,7 +386,7 @@ func (c *RingRestClient) FetchRingDevices() (*RingDevicesResponse, error) {
 	return &devices, nil
 }
 
-func (c *RingRestClient) GetSocketTicket() (*SocketTicketResponse, error) {
+func (c *RingApi) GetSocketTicket() (*SocketTicketResponse, error) {
 	response, err := c.Request("POST", AppAPI("clap/ticket/request/signalsocket"), nil)
 	if err != nil {
 		return nil, fmt.Errorf("failed to fetch socket ticket: %w", err)
@@ -523,6 +400,286 @@ func (c *RingRestClient) GetSocketTicket() (*SocketTicketResponse, error) {
 	return &ticket, nil
 }
 
+func (c *RingApi) Request(method, url string, body interface{}) ([]byte, error) {
+	// Ensure we have a valid session
+	if err := c.ensureSession(); err != nil {
+		return nil, fmt.Errorf("session validation failed: %w", err)
+	}
+
+	var bodyReader io.Reader
+	if body != nil {
+		jsonBody, err := json.Marshal(body)
+		if err != nil {
+			return nil, fmt.Errorf("failed to marshal request body: %w", err)
+		}
+		bodyReader = bytes.NewReader(jsonBody)
+	}
+
+	// Create request
+	req, err := http.NewRequest(method, url, bodyReader)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create request: %w", err)
+	}
+
+	// Set headers
+	req.Header.Set("Authorization", "Bearer "+c.authToken.AccessToken)
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Accept", "application/json")
+	req.Header.Set("hardware_id", c.hardwareID)
+	req.Header.Set("User-Agent", "android:com.ringapp")
+
+	// Make request with retries
+	var resp *http.Response
+	var responseBody []byte
+
+	for attempt := 0; attempt <= maxRetries; attempt++ {
+		resp, err = c.httpClient.Do(req)
+		if err != nil {
+			if attempt == maxRetries {
+				return nil, fmt.Errorf("request failed after %d retries: %w", maxRetries, err)
+			}
+			time.Sleep(5 * time.Second)
+			continue
+		}
+		defer resp.Body.Close()
+
+		responseBody, err = io.ReadAll(resp.Body)
+		if err != nil {
+			return nil, fmt.Errorf("failed to read response body: %w", err)
+		}
+
+		// Handle 401 by refreshing auth and retrying
+		if resp.StatusCode == http.StatusUnauthorized {
+			// Reset token to force refresh
+			c.authMutex.Lock()
+			c.authToken = nil
+			c.tokenExpiry = time.Time{} // Reset token expiry
+			c.authMutex.Unlock()
+
+			if attempt == maxRetries {
+				return nil, fmt.Errorf("authentication failed after %d retries", maxRetries)
+			}
+
+			// By 401 with Auth AND Session start over
+			c.sessionMutex.Lock()
+			c.session = nil
+			c.sessionExpiry = time.Time{} // Reset session expiry
+			c.sessionMutex.Unlock()
+
+			if err := c.ensureSession(); err != nil {
+				return nil, fmt.Errorf("failed to refresh session: %w", err)
+			}
+
+			req.Header.Set("Authorization", "Bearer "+c.authToken.AccessToken)
+			continue
+		}
+
+		// Handle 404 error with hardware_id reference - session issue
+		if resp.StatusCode == 404 && strings.Contains(url, clientAPIBaseURL) {
+			var errorBody map[string]interface{}
+			if err := json.Unmarshal(responseBody, &errorBody); err == nil {
+				if errorStr, ok := errorBody["error"].(string); ok && strings.Contains(errorStr, c.hardwareID) {
+					// Session with hardware_id not found, refresh session
+					c.sessionMutex.Lock()
+					c.session = nil
+					c.sessionExpiry = time.Time{} // Reset session expiry
+					c.sessionMutex.Unlock()
+
+					if attempt == maxRetries {
+						return nil, fmt.Errorf("session refresh failed after %d retries", maxRetries)
+					}
+
+					if err := c.ensureSession(); err != nil {
+						return nil, fmt.Errorf("failed to refresh session: %w", err)
+					}
+
+					continue
+				}
+			}
+		}
+
+		// Handle other error status codes
+		if resp.StatusCode >= 400 {
+			return nil, fmt.Errorf("request failed with status %d: %s", resp.StatusCode, string(responseBody))
+		}
+
+		break
+	}
+
+	return responseBody, nil
+}
+
+func (c *RingApi) ensureSession() error {
+	c.sessionMutex.Lock()
+	defer c.sessionMutex.Unlock()
+
+	// If session is still valid, use it
+	if c.session != nil && time.Now().Before(c.sessionExpiry) {
+		return nil
+	}
+
+	// Make sure we have a valid auth token
+	if err := c.ensureAuth(); err != nil {
+		return fmt.Errorf("authentication failed while creating session: %w", err)
+	}
+
+	sessionPayload := map[string]interface{}{
+		"device": map[string]interface{}{
+			"hardware_id": c.hardwareID,
+			"metadata": map[string]interface{}{
+				"api_version":  apiVersion,
+				"device_model": "ring-client-go",
+			},
+			"os": "android",
+		},
+	}
+
+	body, err := json.Marshal(sessionPayload)
+	if err != nil {
+		return fmt.Errorf("failed to marshal session request: %w", err)
+	}
+
+	req, err := http.NewRequest("POST", ClientAPI("session"), bytes.NewReader(body))
+	if err != nil {
+		return err
+	}
+
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Accept", "application/json")
+	req.Header.Set("Authorization", "Bearer "+c.authToken.AccessToken)
+	req.Header.Set("hardware_id", c.hardwareID)
+	req.Header.Set("User-Agent", "android:com.ringapp")
+
+	resp, err := c.httpClient.Do(req)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
+		respBody, _ := io.ReadAll(resp.Body)
+		return fmt.Errorf("session request failed with status %d: %s", resp.StatusCode, string(respBody))
+	}
+
+	var sessionResp SessionResponse
+	if err := json.NewDecoder(resp.Body).Decode(&sessionResp); err != nil {
+		return fmt.Errorf("failed to decode session response: %w", err)
+	}
+
+	c.session = &sessionResp
+	c.sessionExpiry = time.Now().Add(sessionValidTime)
+
+	// Aktualisiere den gecachten Client
+	cacheMutex.Lock()
+	clientCache[c.cacheKey] = c
+	cacheMutex.Unlock()
+
+	return nil
+}
+
+func (c *RingApi) ensureAuth() error {
+	c.authMutex.Lock()
+	defer c.authMutex.Unlock()
+
+	// If token exists and is not expired, use it
+	if c.authToken != nil && time.Now().Before(c.tokenExpiry) {
+		return nil
+	}
+
+	var grantData = map[string]string{
+		"grant_type":    "refresh_token",
+		"refresh_token": c.authConfig.RT,
+	}
+
+	// Add common fields
+	grantData["client_id"] = "ring_official_android"
+	grantData["scope"] = "client"
+
+	// Make auth request
+	body, err := json.Marshal(grantData)
+	if err != nil {
+		return fmt.Errorf("failed to marshal auth request: %w", err)
+	}
+
+	req, err := http.NewRequest("POST", oauthURL, bytes.NewReader(body))
+	if err != nil {
+		return fmt.Errorf("failed to create auth request: %w", err)
+	}
+
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Accept", "application/json")
+	req.Header.Set("hardware_id", c.hardwareID)
+	req.Header.Set("User-Agent", "android:com.ringapp")
+	req.Header.Set("2fa-support", "true")
+
+	resp, err := c.httpClient.Do(req)
+	if err != nil {
+		return fmt.Errorf("auth request failed: %w", err)
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode == http.StatusPreconditionFailed {
+		return fmt.Errorf("2FA required. Please see documentation for handling 2FA")
+	}
+
+	if resp.StatusCode != http.StatusOK {
+		body, _ := io.ReadAll(resp.Body)
+		return fmt.Errorf("auth request failed with status %d: %s", resp.StatusCode, string(body))
+	}
+
+	var authResp AuthTokenResponse
+	if err := json.NewDecoder(resp.Body).Decode(&authResp); err != nil {
+		return fmt.Errorf("failed to decode auth response: %w", err)
+	}
+
+	// Update auth config and refresh token
+	c.authToken = &authResp
+	c.authConfig = &AuthConfig{
+		RT:  authResp.RefreshToken,
+		HID: c.hardwareID,
+	}
+
+	// Set token expiry (1 minute before actual expiry)
+	expiresIn := time.Duration(authResp.ExpiresIn-60) * time.Second
+	c.tokenExpiry = time.Now().Add(expiresIn)
+
+	// Encode and notify about new refresh token
+	if c.onTokenRefresh != nil {
+		newRefreshToken := encodeAuthConfig(c.authConfig)
+		c.onTokenRefresh(newRefreshToken)
+	}
+
+	// Refreshn the token in the client
+	c.RefreshToken = encodeAuthConfig(c.authConfig)
+
+	// Refresh the cached client
+	cacheMutex.Lock()
+	clientCache[c.cacheKey] = c
+	cacheMutex.Unlock()
+
+	return nil
+}
+
+func parseAuthConfig(refreshToken string) (*AuthConfig, error) {
+	decoded, err := base64.StdEncoding.DecodeString(refreshToken)
+	if err != nil {
+		return nil, err
+	}
+
+	var config AuthConfig
+	if err := json.Unmarshal(decoded, &config); err != nil {
+		// Handle legacy format where refresh token is the raw token
+		return &AuthConfig{RT: refreshToken}, nil
+	}
+
+	return &config, nil
+}
+
+func encodeAuthConfig(config *AuthConfig) string {
+	jsonBytes, _ := json.Marshal(config)
+	return base64.StdEncoding.EncodeToString(jsonBytes)
+}
+
 func generateHardwareID() string {
 	h := sha256.New()
 	h.Write([]byte("ring-client-go2rtc"))

pkg/ring/client.go

@@ -5,103 +5,25 @@ import (
 	"errors"
 	"fmt"
 	"net/url"
-	"sync"
-	"time"
+	"strconv"
 
 	"github.com/AlexxIT/go2rtc/pkg/core"
 	"github.com/AlexxIT/go2rtc/pkg/webrtc"
 	"github.com/google/uuid"
-	"github.com/gorilla/websocket"
 	pion "github.com/pion/webrtc/v4"
 )
 
 type Client struct {
-	api       *RingRestClient
-	ws        *websocket.Conn
+	api       *RingApi
+	wsClient  *WSClient
 	prod      core.Producer
-	camera    *CameraData
+	cameraID  int
 	dialogID  string
-	sessionID string
-	wsMutex   sync.Mutex
-	done      chan struct{}
+	connected core.Waiter
+	closed    bool
 }
 
-type SessionBody struct {
-	DoorbotID int    `json:"doorbot_id"`
-	SessionID string `json:"session_id"`
-}
-
-type AnswerMessage struct {
-	Method string `json:"method"` // "sdp"
-	Body   struct {
-		SessionBody
-		SDP  string `json:"sdp"`
-		Type string `json:"type"` // "answer"
-	} `json:"body"`
-}
-
-type IceCandidateMessage struct {
-	Method string `json:"method"` // "ice"
-	Body   struct {
-		SessionBody
-		Ice        string `json:"ice"`
-		MLineIndex int    `json:"mlineindex"`
-	} `json:"body"`
-}
-
-type SessionMessage struct {
-	Method string      `json:"method"` // "session_created" or "session_started"
-	Body   SessionBody `json:"body"`
-}
-
-type PongMessage struct {
-	Method string      `json:"method"` // "pong"
-	Body   SessionBody `json:"body"`
-}
-
-type NotificationMessage struct {
-	Method string `json:"method"` // "notification"
-	Body   struct {
-		SessionBody
-		IsOK bool   `json:"is_ok"`
-		Text string `json:"text"`
-	} `json:"body"`
-}
-
-type StreamInfoMessage struct {
-	Method string `json:"method"` // "stream_info"
-	Body   struct {
-		SessionBody
-		Transcoding       bool   `json:"transcoding"`
-		TranscodingReason string `json:"transcoding_reason"`
-	} `json:"body"`
-}
-
-type CloseMessage struct {
-	Method string `json:"method"` // "close"
-	Body   struct {
-		SessionBody
-		Reason struct {
-			Code int    `json:"code"`
-			Text string `json:"text"`
-		} `json:"reason"`
-	} `json:"body"`
-}
-
-type BaseMessage struct {
-	Method string         `json:"method"`
-	Body   map[string]any `json:"body"`
-}
-
-// Close reason codes
-const (
-	CloseReasonNormalClose          = 0
-	CloseReasonAuthenticationFailed = 5
-	CloseReasonTimeout              = 6
-)
-
 func Dial(rawURL string) (*Client, error) {
-	// 1. Parse URL and validate basic params
 	u, err := url.Parse(rawURL)
 	if err != nil {
 		return nil, err
@@ -109,70 +31,42 @@ func Dial(rawURL string) (*Client, error) {
 
 	query := u.Query()
 	encodedToken := query.Get("refresh_token")
+	cameraID := query.Get("camera_id")
 	deviceID := query.Get("device_id")
 	_, isSnapshot := query["snapshot"]
 
-	if encodedToken == "" || deviceID == "" {
+	if encodedToken == "" || deviceID == "" || cameraID == "" {
 		return nil, errors.New("ring: wrong query")
 	}
 
-	// URL-decode the refresh token
+	client := &Client{
+		dialogID: uuid.NewString(),
+	}
+
+	client.cameraID, err = strconv.Atoi(cameraID)
+	if err != nil {
+		return nil, fmt.Errorf("ring: invalid camera_id: %w", err)
+	}
+
 	refreshToken, err := url.QueryUnescape(encodedToken)
 	if err != nil {
 		return nil, fmt.Errorf("ring: invalid refresh token encoding: %w", err)
 	}
 
-	// Initialize Ring API client
-	ringAPI, err := NewRingRestClient(RefreshTokenAuth{RefreshToken: refreshToken}, nil)
+	client.api, err = NewRestClient(RefreshTokenAuth{RefreshToken: refreshToken}, nil)
 	if err != nil {
 		return nil, err
 	}
 
-	// Get camera details
-	devices, err := ringAPI.FetchRingDevices()
-	if err != nil {
-		return nil, err
-	}
-
-	var camera *CameraData
-	for _, cam := range devices.AllCameras {
-		if fmt.Sprint(cam.DeviceID) == deviceID {
-			camera = &cam
-			break
-		}
-	}
-	if camera == nil {
-		return nil, errors.New("ring: camera not found")
-	}
-
-	// Create base client
-	client := &Client{
-		api:      ringAPI,
-		camera:   camera,
-		dialogID: uuid.NewString(),
-		done:     make(chan struct{}),
-	}
-
-	// Check if snapshot request
+	// Snapshot Flow
 	if isSnapshot {
-		client.prod = NewSnapshotProducer(ringAPI, camera)
+		client.prod = NewSnapshotProducer(client.api, client.cameraID)
 		return client, nil
 	}
 
-	// If not snapshot, continue with WebRTC setup
-	ticket, err := ringAPI.GetSocketTicket()
-	if err != nil {
-		return nil, err
-	}
-
-	// Create WebSocket connection
-	wsURL := fmt.Sprintf("wss://api.prod.signalling.ring.devices.a2z.com/ws?api_version=4.0&auth_type=ring_solutions&client_id=ring_site-%s&token=%s",
-		uuid.NewString(), url.QueryEscape(ticket.Ticket))
-
-	client.ws, _, err = websocket.DefaultDialer.Dial(wsURL, map[string][]string{
-		"User-Agent": {"android:com.ringapp"},
-	})
+	client.wsClient, err = StartWebsocket(client.cameraID, client.api)
 	if err != nil {
+		client.Stop()
 		return nil, err
 	}
 
@@ -196,13 +90,13 @@ func Dial(rawURL string) (*Client, error) {
 
 	api, err := webrtc.NewAPI()
 	if err != nil {
-		client.ws.Close()
+		client.Stop()
 		return nil, err
 	}
 
 	pc, err := api.NewPeerConnection(conf)
 	if err != nil {
-		client.ws.Close()
+		client.Stop()
 		return nil, err
 	}
 
@@ -212,16 +106,27 @@ func Dial(rawURL string) (*Client, error) {
 	// protect from blocking on errors
 	defer sendOffer.Done(nil)
 
-	// waiter will wait PC error or WS error or nil (connection OK)
-	var connState core.Waiter
-
 	prod := webrtc.NewConn(pc)
 	prod.FormatName = "ring/webrtc"
 	prod.Mode = core.ModeActiveProducer
 	prod.Protocol = "ws"
 	prod.URL = rawURL
 
-	client.prod = prod
+	client.wsClient.onMessage = func(msg WSMessage) {
+		client.onWSMessage(msg)
+	}
+
+	client.wsClient.onError = func(err error) {
+		// fmt.Printf("ring: error: %s\n", err.Error())
+		client.Stop()
+		client.connected.Done(err)
+	}
+
+	client.wsClient.onClose = func() {
+		// fmt.Println("ring: disconnect")
+		client.Stop()
+		client.connected.Done(errors.New("ring: disconnect"))
+	}
 
 	prod.Listen(func(msg any) {
 		switch msg := msg.(type) {
@@ -240,22 +145,28 @@ func Dial(rawURL string) (*Client, error) {
 				"mlineindex": iceCandidate.SDPMLineIndex,
 			}
 
-			if err = client.sendSessionMessage("ice", icePayload); err != nil {
-				connState.Done(err)
+			if err = client.wsClient.sendSessionMessage("ice", icePayload); err != nil {
+				client.connected.Done(err)
 				return
 			}
 
 		case pion.PeerConnectionState:
 			switch msg {
+			case pion.PeerConnectionStateNew:
+				break
 			case pion.PeerConnectionStateConnecting:
+				break
 			case pion.PeerConnectionStateConnected:
-				connState.Done(nil)
+				client.connected.Done(nil)
 			default:
-				connState.Done(errors.New("ring: " + msg.String()))
+				client.Stop()
+				client.connected.Done(errors.New("ring: " + msg.String()))
 			}
 		}
 	})
 
+	client.prod = prod
+
 	// Setup media configuration
 	medias := []*core.Media{
 		{
@@ -297,186 +208,103 @@ func Dial(rawURL string) (*Client, error) {
 		"sdp": offer,
 	}
 
-	if err = client.sendSessionMessage("live_view", offerPayload); err != nil {
+	if err = client.wsClient.sendSessionMessage("live_view", offerPayload); err != nil {
 		client.Stop()
 		return nil, err
 	}
 
 	sendOffer.Done(nil)
 
-	// Ring expects a ping message every 5 seconds
-	go client.startPingLoop(pc)
-	go client.startMessageLoop(&connState)
-
-	if err = connState.Wait(); err != nil {
+	if err = client.connected.Wait(); err != nil {
 		return nil, err
 	}
 
 	return client, nil
 }
 
-func (c *Client) startPingLoop(pc *pion.PeerConnection) {
-	ticker := time.NewTicker(5 * time.Second)
-	defer ticker.Stop()
+func (c *Client) onWSMessage(msg WSMessage) {
+	rawMsg, _ := json.Marshal(msg)
 
-	for {
-		select {
-		case <-c.done:
-			return
-		case <-ticker.C:
-			if pc.ConnectionState() == pion.PeerConnectionStateConnected {
-				if err := c.sendSessionMessage("ping", nil); err != nil {
-					return
-				}
-			}
+	// fmt.Printf("ring: onWSMessage: %s\n", string(rawMsg))
+
+	// check if "doorbot_id" is present
+	if _, ok := msg.Body["doorbot_id"]; !ok {
+		return
+	}
+
+	// check if the message is from the correct doorbot
+	doorbotID := msg.Body["doorbot_id"].(float64)
+	if int(doorbotID) != c.cameraID {
+		return
+	}
+
+	if msg.Method == "session_created" || msg.Method == "session_started" {
+		if _, ok := msg.Body["session_id"]; ok && c.wsClient.sessionID == "" {
+			c.wsClient.sessionID = msg.Body["session_id"].(string)
 		}
 	}
-}
 
-func (c *Client) startMessageLoop(connState *core.Waiter) {
-	var err error
-
-	// will be closed when conn will be closed
-	defer func() {
-		connState.Done(err)
-	}()
-
-	for {
-		select {
-		case <-c.done:
+	// check if the message is from the correct session
+	if _, ok := msg.Body["session_id"]; ok {
+		if msg.Body["session_id"].(string) != c.wsClient.sessionID {
 			return
-		default:
-			var res BaseMessage
-			if err = c.ws.ReadJSON(&res); err != nil {
-				select {
-				case <-c.done:
-					return
-				default:
-				}
+		}
+	}
 
+	switch msg.Method {
+	case "sdp":
+		if prod, ok := c.prod.(*webrtc.Conn); ok {
+			// Get answer
+			var msg AnswerMessage
+			if err := json.Unmarshal(rawMsg, &msg); err != nil {
 				c.Stop()
+				c.connected.Done(err)
 				return
 			}
 
-			// check if "doorbot_id" is present
-			if _, ok := res.Body["doorbot_id"]; !ok {
-				continue
-			}
-
-			// check if the message is from the correct doorbot
-			doorbotID := res.Body["doorbot_id"].(float64)
-			if doorbotID != float64(c.camera.ID) {
-				continue
-			}
-
-			// check if the message is from the correct session
-			if res.Method == "session_created" || res.Method == "session_started" {
-				if _, ok := res.Body["session_id"]; ok && c.sessionID == "" {
-					c.sessionID = res.Body["session_id"].(string)
-				}
-			}
-
-			if _, ok := res.Body["session_id"]; ok {
-				if res.Body["session_id"].(string) != c.sessionID {
-					continue
-				}
-			}
-
-			rawMsg, _ := json.Marshal(res)
-
-			switch res.Method {
-			case "sdp":
-				if prod, ok := c.prod.(*webrtc.Conn); ok {
-					// Get answer
-					var msg AnswerMessage
-					if err = json.Unmarshal(rawMsg, &msg); err != nil {
-						c.Stop()
-						return
-					}
-					if err = prod.SetAnswer(msg.Body.SDP); err != nil {
-						c.Stop()
-						return
-					}
-					if err = c.activateSession(); err != nil {
-						c.Stop()
-						return
-					}
-				}
-
-			case "ice":
-				if prod, ok := c.prod.(*webrtc.Conn); ok {
-					// Continue to receiving candidates
-					var msg IceCandidateMessage
-					if err = json.Unmarshal(rawMsg, &msg); err != nil {
-						break
-					}
-
-					// check for empty ICE candidate
-					if msg.Body.Ice == "" {
-						break
-					}
-
-					if err = prod.AddCandidate(msg.Body.Ice); err != nil {
-						c.Stop()
-						return
-					}
-				}
-
-			case "close":
+			if err := prod.SetAnswer(msg.Body.SDP); err != nil {
 				c.Stop()
+				c.connected.Done(err)
 				return
+			}
 
-			case "pong":
-				// Ignore
-				continue
+			if err := c.wsClient.activateSession(); err != nil {
+				c.Stop()
+				c.connected.Done(err)
+				return
+			}
+
+			prod.SDP = msg.Body.SDP
+		}
+
+	case "ice":
+		if prod, ok := c.prod.(*webrtc.Conn); ok {
+			var msg IceCandidateMessage
+			if err := json.Unmarshal(rawMsg, &msg); err != nil {
+				break
+			}
+
+			// Skip empty candidates
+			if msg.Body.Ice == "" {
+				break
+			}
+
+			if err := prod.AddCandidate(msg.Body.Ice); err != nil {
+				c.Stop()
+				c.connected.Done(err)
+				return
 			}
 		}
+
+	case "close":
+		c.Stop()
+		c.connected.Done(errors.New("ring: close"))
+
+	case "pong":
+		// Ignore
 	}
 }
 
-func (c *Client) activateSession() error {
-	if err := c.sendSessionMessage("activate_session", nil); err != nil {
-		return err
-	}
-
-	streamPayload := map[string]interface{}{
-		"audio_enabled": true,
-		"video_enabled": true,
-	}
-
-	if err := c.sendSessionMessage("stream_options", streamPayload); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (c *Client) sendSessionMessage(method string, body map[string]interface{}) error {
-	c.wsMutex.Lock()
-	defer c.wsMutex.Unlock()
-
-	if body == nil {
-		body = make(map[string]interface{})
-	}
-
-	body["doorbot_id"] = c.camera.ID
-	if c.sessionID != "" {
-		body["session_id"] = c.sessionID
-	}
-
-	msg := map[string]interface{}{
-		"method":    method,
-		"dialog_id": c.dialogID,
-		"body":      body,
-	}
-
-	if err := c.ws.WriteJSON(msg); err != nil {
-		return err
-	}
-
-	return nil
-}
-
 func (c *Client) GetMedias() []*core.Media {
 	return c.prod.GetMedias()
 }
@@ -492,7 +320,7 @@ func (c *Client) AddTrack(media *core.Media, codec *core.Codec, track *core.Rece
 			speakerPayload := map[string]interface{}{
 				"stealth_mode": false,
 			}
-			_ = c.sendSessionMessage("camera_options", speakerPayload)
+			_ = c.wsClient.sendSessionMessage("camera_options", speakerPayload)
 		}
 		return webrtcProd.AddTrack(media, codec, track)
 	}
@@ -505,37 +333,23 @@ func (c *Client) Start() error {
 }
 
 func (c *Client) Stop() error {
-	select {
-	case <-c.done:
+	if c.closed {
 		return nil
-	default:
-		close(c.done)
 	}
 
+	c.closed = true
+
 	if c.prod != nil {
 		_ = c.prod.Stop()
 	}
 
-	if c.ws != nil {
-		closePayload := map[string]interface{}{
-			"reason": map[string]interface{}{
-				"code": CloseReasonNormalClose,
-				"text": "",
-			},
-		}
-
-		_ = c.sendSessionMessage("close", closePayload)
-		_ = c.ws.Close()
-		c.ws = nil
+	if c.wsClient != nil {
+		_ = c.wsClient.Close()
 	}
 
 	return nil
 }
 
 func (c *Client) MarshalJSON() ([]byte, error) {
-	if webrtcProd, ok := c.prod.(*webrtc.Conn); ok {
-		return webrtcProd.MarshalJSON()
-	}
-
 	return json.Marshal(c.prod)
 }

pkg/ring/snapshot.go

@@ -10,11 +10,11 @@ import (
 type SnapshotProducer struct {
 	core.Connection
 
-	client *RingRestClient
-	camera *CameraData
+	client   *RingApi
+	cameraID int
 }
 
-func NewSnapshotProducer(client *RingRestClient, camera *CameraData) *SnapshotProducer {
+func NewSnapshotProducer(client *RingApi, cameraID int) *SnapshotProducer {
 	return &SnapshotProducer{
 		Connection: core.Connection{
 			ID:         core.NewID(),
@@ -35,14 +35,13 @@ func NewSnapshotProducer(client *RingRestClient, camera *CameraData) *SnapshotPr
 				},
 			},
 		},
-		client: client,
-		camera: camera,
+		client:   client,
+		cameraID: cameraID,
 	}
 }
 
 func (p *SnapshotProducer) Start() error {
-	// Fetch snapshot
-	response, err := p.client.Request("GET", fmt.Sprintf("https://app-snaps.ring.com/snapshots/next/%d", int(p.camera.ID)), nil)
+	response, err := p.client.Request("GET", fmt.Sprintf("https://app-snaps.ring.com/snapshots/next/%d", p.cameraID), nil)
 	if err != nil {
 		return err
 	}

pkg/ring/ws.go

@@ -0,0 +1,265 @@
+package ring
+
+import (
+	"fmt"
+	"net/http"
+	"net/url"
+	"sync"
+	"time"
+
+	"github.com/google/uuid"
+	"github.com/gorilla/websocket"
+)
+
+type SessionBody struct {
+	DoorbotID int    `json:"doorbot_id"`
+	SessionID string `json:"session_id"`
+}
+
+type AnswerMessage struct {
+	Method string `json:"method"` // "sdp"
+	Body   struct {
+		SessionBody
+		SDP  string `json:"sdp"`
+		Type string `json:"type"` // "answer"
+	} `json:"body"`
+}
+
+type IceCandidateMessage struct {
+	Method string `json:"method"` // "ice"
+	Body   struct {
+		SessionBody
+		Ice        string `json:"ice"`
+		MLineIndex int    `json:"mlineindex"`
+	} `json:"body"`
+}
+
+type SessionMessage struct {
+	Method string      `json:"method"` // "session_created" or "session_started"
+	Body   SessionBody `json:"body"`
+}
+
+type PongMessage struct {
+	Method string      `json:"method"` // "pong"
+	Body   SessionBody `json:"body"`
+}
+
+type NotificationMessage struct {
+	Method string `json:"method"` // "notification"
+	Body   struct {
+		SessionBody
+		IsOK bool   `json:"is_ok"`
+		Text string `json:"text"`
+	} `json:"body"`
+}
+
+type StreamInfoMessage struct {
+	Method string `json:"method"` // "stream_info"
+	Body   struct {
+		SessionBody
+		Transcoding       bool   `json:"transcoding"`
+		TranscodingReason string `json:"transcoding_reason"`
+	} `json:"body"`
+}
+
+type CloseRequest struct {
+	Method string `json:"method"` // "close"
+	Body   struct {
+		SessionBody
+		Reason struct {
+			Code int    `json:"code"`
+			Text string `json:"text"`
+		} `json:"reason"`
+	} `json:"body"`
+}
+
+type WSMessage struct {
+	Method string         `json:"method"`
+	Body   map[string]any `json:"body"`
+}
+
+type WSClient struct {
+	ws        *websocket.Conn
+	api       *RingApi
+	wsMutex   sync.Mutex
+	cameraID  int
+	dialogID  string
+	sessionID string
+
+	onMessage func(msg WSMessage)
+	onError   func(err error)
+	onClose   func()
+
+	closed chan struct{}
+}
+
+const (
+	CloseReasonNormalClose          = 0
+	CloseReasonAuthenticationFailed = 5
+	CloseReasonTimeout              = 6
+)
+
+func StartWebsocket(cameraID int, api *RingApi) (*WSClient, error) {
+	client := &WSClient{
+		api:      api,
+		cameraID: cameraID,
+		dialogID: uuid.NewString(),
+		closed:   make(chan struct{}),
+	}
+
+	ticket, err := client.api.GetSocketTicket()
+	if err != nil {
+		return nil, err
+	}
+
+	url := fmt.Sprintf("wss://api.prod.signalling.ring.devices.a2z.com/ws?api_version=4.0&auth_type=ring_solutions&client_id=ring_site-%s&token=%s",
+		uuid.NewString(), url.QueryEscape(ticket.Ticket))
+
+	httpHeader := http.Header{}
+	httpHeader.Set("User-Agent", "android:com.ringapp")
+
+	client.ws, _, err = websocket.DefaultDialer.Dial(url, httpHeader)
+	if err != nil {
+		return nil, err
+	}
+
+	client.ws.SetCloseHandler(func(code int, text string) error {
+		client.onWsClose()
+		return nil
+	})
+
+	go client.startPingLoop()
+	go client.startMessageLoop()
+
+	return client, nil
+}
+
+func (c *WSClient) Close() error {
+	select {
+	case <-c.closed:
+		return nil
+	default:
+		close(c.closed)
+	}
+
+	closePayload := map[string]interface{}{
+		"reason": map[string]interface{}{
+			"code": CloseReasonNormalClose,
+			"text": "",
+		},
+	}
+
+	_ = c.sendSessionMessage("close", closePayload)
+
+	return c.ws.Close()
+}
+
+func (c *WSClient) startPingLoop() {
+	ticker := time.NewTicker(5 * time.Second)
+	defer ticker.Stop()
+
+	for {
+		select {
+		case <-c.closed:
+			return
+		case <-ticker.C:
+			if err := c.sendSessionMessage("ping", nil); err != nil {
+				return
+			}
+		}
+	}
+}
+
+func (c *WSClient) startMessageLoop() {
+	for {
+		select {
+		case <-c.closed:
+			return
+		default:
+			var res WSMessage
+			if err := c.ws.ReadJSON(&res); err != nil {
+				select {
+				case <-c.closed:
+					// Ignore error if closed
+				default:
+					c.onWsError(err)
+				}
+
+				return
+			}
+
+			c.onWsMessage(res)
+		}
+	}
+}
+
+func (c *WSClient) activateSession() error {
+	if err := c.sendSessionMessage("activate_session", nil); err != nil {
+		return err
+	}
+
+	streamPayload := map[string]interface{}{
+		"audio_enabled": true,
+		"video_enabled": true,
+	}
+
+	if err := c.sendSessionMessage("stream_options", streamPayload); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (c *WSClient) sendSessionMessage(method string, payload map[string]interface{}) error {
+	select {
+	case <-c.closed:
+		return nil
+	default:
+		// continue
+	}
+
+	c.wsMutex.Lock()
+	defer c.wsMutex.Unlock()
+
+	if payload == nil {
+		payload = make(map[string]interface{})
+	}
+
+	payload["doorbot_id"] = c.cameraID
+	if c.sessionID != "" {
+		payload["session_id"] = c.sessionID
+	}
+
+	msg := map[string]interface{}{
+		"method":    method,
+		"dialog_id": c.dialogID,
+		"body":      payload,
+	}
+
+	// rawMsg, _ := json.Marshal(msg)
+	// fmt.Printf("ring: sendSessionMessage: %s: %s\n", method, string(rawMsg))
+
+	if err := c.ws.WriteJSON(msg); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (c *WSClient) onWsMessage(msg WSMessage) {
+	if c.onMessage != nil {
+		c.onMessage(msg)
+	}
+}
+
+func (c *WSClient) onWsError(err error) {
+	if c.onError != nil {
+		c.onError(err)
+	}
+}
+
+func (c *WSClient) onWsClose() {
+	if c.onClose != nil {
+		c.onClose()
+	}
+}

pkg/rtsp/client.go

@@ -9,6 +9,7 @@ import (
 	"net/url"
 	"strconv"
 	"strings"
+	"sync"
 	"time"
 
 	"github.com/AlexxIT/go2rtc/pkg/tcp/websocket"
@@ -36,14 +37,22 @@ func (c *Conn) Dial() (err error) {
 
 	var conn net.Conn
 
-	if c.Transport == "" {
-		timeout := core.ConnDialTimeout
+	switch c.Transport {
+	case "", "tcp", "udp":
+		var timeout time.Duration
 		if c.Timeout != 0 {
 			timeout = time.Second * time.Duration(c.Timeout)
+		} else {
+			timeout = core.ConnDialTimeout
 		}
 		conn, err = tcp.Dial(c.URL, timeout)
-		c.Protocol = "rtsp+tcp"
-	} else {
+
+		if c.Transport != "udp" {
+			c.Protocol = "rtsp+tcp"
+		} else {
+			c.Protocol = "rtsp+udp"
+		}
+	default:
 		conn, err = websocket.Dial(c.Transport)
 		c.Protocol = "ws"
 	}
@@ -61,6 +70,9 @@ func (c *Conn) Dial() (err error) {
 	c.sequence = 0
 	c.state = StateConn
 
+	c.udpConn = nil
+	c.udpAddr = nil
+
 	c.Connection.RemoteAddr = conn.RemoteAddr().String()
 	c.Connection.Transport = conn
 	c.Connection.URL = c.uri
@@ -81,7 +93,35 @@ func (c *Conn) Do(req *tcp.Request) (*tcp.Response, error) {
 
 	c.Fire(res)
 
-	if res.StatusCode == http.StatusUnauthorized {
+	switch res.StatusCode {
+	case http.StatusOK:
+		return res, nil
+
+	case http.StatusMovedPermanently, http.StatusFound:
+		rawURL := res.Header.Get("Location")
+
+		var u *url.URL
+		if u, err = url.Parse(rawURL); err != nil {
+			return nil, err
+		}
+
+		if u.User == nil {
+			u.User = c.auth.UserInfo() // restore auth if we don't have it in the new URL
+		}
+
+		c.uri = u.String() // so auth will be saved on reconnect
+
+		_ = c.conn.Close()
+
+		if err = c.Dial(); err != nil {
+			return nil, err
+		}
+
+		req.URL = c.URL // because path was changed
+
+		return c.Do(req)
+
+	case http.StatusUnauthorized:
 		switch c.auth.Method {
 		case tcp.AuthNone:
 			if c.auth.ReadNone(res) {
@@ -97,11 +137,7 @@ func (c *Conn) Do(req *tcp.Request) (*tcp.Response, error) {
 		}
 	}
 
-	if res.StatusCode != http.StatusOK {
-		return res, fmt.Errorf("wrong response on %s", req.Method)
-	}
-
-	return res, nil
+	return res, fmt.Errorf("wrong response on %s", req.Method)
 }
 
 func (c *Conn) Options() error {
@@ -218,15 +254,27 @@ func (c *Conn) Record() (err error) {
 func (c *Conn) SetupMedia(media *core.Media) (byte, error) {
 	var transport string
 
-	// try to use media position as channel number
-	for i, m := range c.Medias {
-		if m.Equal(media) {
-			transport = fmt.Sprintf(
-				// i   - RTP (data channel)
-				// i+1 - RTCP (control channel)
-				"RTP/AVP/TCP;unicast;interleaved=%d-%d", i*2, i*2+1,
-			)
-			break
+	if c.Transport == "udp" {
+		conn1, conn2, err := ListenUDPPair()
+		if err != nil {
+			return 0, err
+		}
+
+		c.udpConn = append(c.udpConn, conn1, conn2)
+
+		port := conn1.LocalAddr().(*net.UDPAddr).Port
+		transport = fmt.Sprintf("RTP/AVP;unicast;client_port=%d-%d", port, port+1)
+	} else {
+		// try to use media position as channel number
+		for i, m := range c.Medias {
+			if m.Equal(media) {
+				transport = fmt.Sprintf(
+					// i   - RTP (data channel)
+					// i+1 - RTCP (control channel)
+					"RTP/AVP/TCP;unicast;interleaved=%d-%d", i*2, i*2+1,
+				)
+				break
+			}
 		}
 	}
 
@@ -286,27 +334,53 @@ func (c *Conn) SetupMedia(media *core.Media) (byte, error) {
 		}
 	}
 
-	// we send our `interleaved`, but camera can answer with another
-
-	// Transport: RTP/AVP/TCP;unicast;interleaved=10-11;ssrc=10117CB7
-	// Transport: RTP/AVP/TCP;unicast;destination=192.168.1.111;source=192.168.1.222;interleaved=0
-	// Transport: RTP/AVP/TCP;ssrc=22345682;interleaved=0-1
+	// Parse server response
 	transport = res.Header.Get("Transport")
-	if !strings.HasPrefix(transport, "RTP/AVP/TCP;") {
+
+	if c.Transport == "udp" {
+		channel := byte(len(c.udpConn) - 2)
+
+		// Dahua:   RTP/AVP/UDP;unicast;client_port=49292-49293;server_port=43670-43671;ssrc=7CB694B4
+		// OpenIPC: RTP/AVP/UDP;unicast;client_port=59612-59613
+		if s := core.Between(transport, "server_port=", ";"); s != "" {
+			s1, s2, _ := strings.Cut(s, "-")
+			port1 := core.Atoi(s1)
+			port2 := core.Atoi(s2)
+			// TODO: more smart handling empty server ports
+			if port1 > 0 && port2 > 0 {
+				remoteIP := c.conn.RemoteAddr().(*net.TCPAddr).IP
+				c.udpAddr = append(c.udpAddr,
+					&net.UDPAddr{IP: remoteIP, Port: port1},
+					&net.UDPAddr{IP: remoteIP, Port: port2},
+				)
+
+				go func() {
+					// Try to open a hole in the NAT router (to allow incoming UDP packets)
+					// by send a UDP packet for RTP and RTCP to the remote RTSP server.
+					// https://github.com/FFmpeg/FFmpeg/blob/aa91ae25b88e195e6af4248e0ab30605735ca1cd/libavformat/rtpdec.c#L416-L438
+					_, _ = c.WriteToUDP([]byte{0x80, 0x00, 0x00, 0x00}, channel)
+					_, _ = c.WriteToUDP([]byte{0x80, 0xC8, 0x00, 0x01}, channel+1)
+				}()
+			}
+		}
+
+		return channel, nil
+	} else {
+		// we send our `interleaved`, but camera can answer with another
+
+		// Transport: RTP/AVP/TCP;unicast;interleaved=10-11;ssrc=10117CB7
+		// Transport: RTP/AVP/TCP;unicast;destination=192.168.1.111;source=192.168.1.222;interleaved=0
+		// Transport: RTP/AVP/TCP;ssrc=22345682;interleaved=0-1
 		// Escam Q6 has a bug:
 		// Transport: RTP/AVP;unicast;destination=192.168.1.111;source=192.168.1.222;interleaved=0-1
-		if !strings.Contains(transport, ";interleaved=") {
+		s := core.Between(transport, "interleaved=", "-")
+		i, err := strconv.Atoi(s)
+		if err != nil {
 			return 0, fmt.Errorf("wrong transport: %s", transport)
 		}
-	}
 
-	channel := core.Between(transport, "interleaved=", "-")
-	i, err := strconv.Atoi(channel)
-	if err != nil {
-		return 0, err
+		return byte(i), nil
 	}
-
-	return byte(i), nil
 }
 
 func (c *Conn) Play() (err error) {
@@ -327,5 +401,56 @@ func (c *Conn) Close() error {
 	if c.OnClose != nil {
 		_ = c.OnClose()
 	}
+	for _, conn := range c.udpConn {
+		_ = conn.Close()
+	}
 	return c.conn.Close()
 }
+
+func (c *Conn) WriteToUDP(b []byte, channel byte) (int, error) {
+	return c.udpConn[channel].WriteToUDP(b, c.udpAddr[channel])
+}
+
+const listenUDPAttemps = 10
+
+var listenUDPMu sync.Mutex
+
+func ListenUDPPair() (*net.UDPConn, *net.UDPConn, error) {
+	listenUDPMu.Lock()
+	defer listenUDPMu.Unlock()
+
+	for i := 0; i < listenUDPAttemps; i++ {
+		// Get a random even port from the OS
+		ln1, err := net.ListenUDP("udp", &net.UDPAddr{IP: nil, Port: 0})
+		if err != nil {
+			continue
+		}
+
+		var port1 = ln1.LocalAddr().(*net.UDPAddr).Port
+		var port2 int
+
+		// 11. RTP over Network and Transport Protocols (https://www.ietf.org/rfc/rfc3550.txt)
+		// For UDP and similar protocols,
+		// RTP SHOULD use an even destination port number and the corresponding
+		// RTCP stream SHOULD use the next higher (odd) destination port number
+		if port1&1 > 0 {
+			port2 = port1 - 1
+		} else {
+			port2 = port1 + 1
+		}
+
+		ln2, err := net.ListenUDP("udp", &net.UDPAddr{IP: nil, Port: port2})
+		if err != nil {
+			_ = ln1.Close()
+			continue
+		}
+
+		if port1 < port2 {
+			return ln1, ln2, nil
+		} else {
+			return ln2, ln1, nil
+		}
+	}
+
+	return nil, nil, fmt.Errorf("can't open two UDP ports")
+}

pkg/rtsp/conn.go

@@ -2,6 +2,7 @@ package rtsp
 
 import (
 	"bufio"
+	"context"
 	"encoding/binary"
 	"fmt"
 	"io"
@@ -13,7 +14,6 @@ import (
 
 	"github.com/AlexxIT/go2rtc/pkg/core"
 	"github.com/AlexxIT/go2rtc/pkg/tcp"
-	"github.com/pion/rtcp"
 	"github.com/pion/rtp"
 )
 
@@ -40,6 +40,7 @@ type Conn struct {
 	keepalive int
 	mode      core.Mode
 	playOK    bool
+	playErr   error
 	reader    *bufio.Reader
 	sequence  int
 	session   string
@@ -47,6 +48,9 @@ type Conn struct {
 
 	state   State
 	stateMu sync.Mutex
+
+	udpConn []*net.UDPConn
+	udpAddr []*net.UDPAddr
 }
 
 const (
@@ -68,7 +72,6 @@ func (s State) String() string {
 	case StateNone:
 		return "NONE"
 	case StateConn:
-
 		return "CONN"
 	case StateSetup:
 		return MethodSetup
@@ -88,23 +91,25 @@ const (
 func (c *Conn) Handle() (err error) {
 	var timeout time.Duration
 
-	var keepaliveDT time.Duration
-	var keepaliveTS time.Time
-
 	switch c.mode {
 	case core.ModeActiveProducer:
+		var keepaliveDT time.Duration
+
 		if c.keepalive > 5 {
 			keepaliveDT = time.Duration(c.keepalive-5) * time.Second
 		} else {
 			keepaliveDT = 25 * time.Second
 		}
-		keepaliveTS = time.Now().Add(keepaliveDT)
+
+		ctx, cancel := context.WithCancel(context.Background())
+		go c.handleKeepalive(ctx, keepaliveDT)
+		defer cancel()
 
 		if c.Timeout == 0 {
 			// polling frames from remote RTSP Server (ex Camera)
 			timeout = time.Second * 5
 
-			if len(c.Receivers) == 0 {
+			if len(c.Receivers) == 0 || c.Transport == "udp" {
 				// if we only send audio to camera
 				// https://github.com/AlexxIT/go2rtc/issues/659
 				timeout += keepaliveDT
@@ -129,148 +134,190 @@ func (c *Conn) Handle() (err error) {
 		return fmt.Errorf("wrong RTSP conn mode: %d", c.mode)
 	}
 
+	for i := 0; i < len(c.udpConn); i++ {
+		go c.handleUDPData(byte(i))
+	}
+
 	for c.state != StateNone {
 		ts := time.Now()
 
-		if err = c.conn.SetReadDeadline(ts.Add(timeout)); err != nil {
+		_ = c.conn.SetReadDeadline(ts.Add(timeout))
+
+		if err = c.handleTCPData(); err != nil {
 			return
 		}
-
-		// we can read:
-		// 1. RTP interleaved: `$` + 1B channel number + 2B size
-		// 2. RTSP response:   RTSP/1.0 200 OK
-		// 3. RTSP request:    OPTIONS ...
-		var buf4 []byte // `$` + 1B channel number + 2B size
-		buf4, err = c.reader.Peek(4)
-		if err != nil {
-			return
-		}
-
-		var channelID byte
-		var size uint16
-
-		if buf4[0] != '$' {
-			switch string(buf4) {
-			case "RTSP":
-				var res *tcp.Response
-				if res, err = c.ReadResponse(); err != nil {
-					return
-				}
-				c.Fire(res)
-				// for playing backchannel only after OK response on play
-				c.playOK = true
-				continue
-
-			case "OPTI", "TEAR", "DESC", "SETU", "PLAY", "PAUS", "RECO", "ANNO", "GET_", "SET_":
-				var req *tcp.Request
-				if req, err = c.ReadRequest(); err != nil {
-					return
-				}
-				c.Fire(req)
-				if req.Method == MethodOptions {
-					res := &tcp.Response{Request: req}
-					if err = c.WriteResponse(res); err != nil {
-						return
-					}
-				}
-				continue
-
-			default:
-				c.Fire("RTSP wrong input")
-
-				for i := 0; ; i++ {
-					// search next start symbol
-					if _, err = c.reader.ReadBytes('$'); err != nil {
-						return err
-					}
-
-					if channelID, err = c.reader.ReadByte(); err != nil {
-						return err
-					}
-
-					// TODO: better check maximum good channel ID
-					if channelID >= 20 {
-						continue
-					}
-
-					buf4 = make([]byte, 2)
-					if _, err = io.ReadFull(c.reader, buf4); err != nil {
-						return err
-					}
-
-					// check if size good for RTP
-					size = binary.BigEndian.Uint16(buf4)
-					if size <= 1500 {
-						break
-					}
-
-					// 10 tries to find good packet
-					if i >= 10 {
-						return fmt.Errorf("RTSP wrong input")
-					}
-				}
-			}
-		} else {
-			// hope that the odd channels are always RTCP
-			channelID = buf4[1]
-
-			// get data size
-			size = binary.BigEndian.Uint16(buf4[2:])
-
-			// skip 4 bytes from c.reader.Peek
-			if _, err = c.reader.Discard(4); err != nil {
-				return
-			}
-		}
-
-		// init memory for data
-		buf := make([]byte, size)
-		if _, err = io.ReadFull(c.reader, buf); err != nil {
-			return
-		}
-
-		c.Recv += int(size)
-
-		if channelID&1 == 0 {
-			packet := &rtp.Packet{}
-			if err = packet.Unmarshal(buf); err != nil {
-				return
-			}
-
-			for _, receiver := range c.Receivers {
-				if receiver.ID == channelID {
-					receiver.WriteRTP(packet)
-					break
-				}
-			}
-		} else {
-			msg := &RTCP{Channel: channelID}
-
-			if err = msg.Header.Unmarshal(buf); err != nil {
-				continue
-			}
-
-			msg.Packets, err = rtcp.Unmarshal(buf)
-			if err != nil {
-				continue
-			}
-
-			c.Fire(msg)
-		}
-
-		if keepaliveDT != 0 && ts.After(keepaliveTS) {
-			req := &tcp.Request{Method: MethodOptions, URL: c.URL}
-			if err = c.WriteRequest(req); err != nil {
-				return
-			}
-
-			keepaliveTS = ts.Add(keepaliveDT)
-		}
 	}
 
 	return
 }
 
+func (c *Conn) handleKeepalive(ctx context.Context, d time.Duration) {
+	ticker := time.NewTicker(d)
+	for {
+		select {
+		case <-ticker.C:
+			req := &tcp.Request{Method: MethodOptions, URL: c.URL}
+			if err := c.WriteRequest(req); err != nil {
+				return
+			}
+		case <-ctx.Done():
+			return
+		}
+	}
+}
+
+func (c *Conn) handleUDPData(channel byte) {
+	// TODO: handle timeouts and drop TCP connection after any error
+	conn := c.udpConn[channel]
+
+	for {
+		// TP-Link Tapo camera has crazy 10000 bytes packet size
+		buf := make([]byte, 10240)
+
+		n, _, err := conn.ReadFromUDP(buf)
+		if err != nil {
+			return
+		}
+
+		if err = c.handleRawPacket(channel, buf[:n]); err != nil {
+			return
+		}
+	}
+}
+
+func (c *Conn) handleTCPData() error {
+	// we can read:
+	// 1. RTP interleaved: `$` + 1B channel number + 2B size
+	// 2. RTSP response:   RTSP/1.0 200 OK
+	// 3. RTSP request:    OPTIONS ...
+	var buf4 []byte // `$` + 1B channel number + 2B size
+	var err error
+
+	buf4, err = c.reader.Peek(4)
+	if err != nil {
+		return err
+	}
+
+	var channel byte
+	var size uint16
+
+	if buf4[0] != '$' {
+		switch string(buf4) {
+		case "RTSP":
+			var res *tcp.Response
+			if res, err = c.ReadResponse(); err != nil {
+				return err
+			}
+			c.Fire(res)
+			// for playing backchannel only after OK response on play
+			c.playOK = true
+			return nil
+
+		case "OPTI", "TEAR", "DESC", "SETU", "PLAY", "PAUS", "RECO", "ANNO", "GET_", "SET_":
+			var req *tcp.Request
+			if req, err = c.ReadRequest(); err != nil {
+				return err
+			}
+			c.Fire(req)
+			if req.Method == MethodOptions {
+				res := &tcp.Response{Request: req}
+				if err = c.WriteResponse(res); err != nil {
+					return err
+				}
+			}
+			return nil
+
+		default:
+			c.Fire("RTSP wrong input")
+
+			for i := 0; ; i++ {
+				// search next start symbol
+				if _, err = c.reader.ReadBytes('$'); err != nil {
+					return err
+				}
+
+				if channel, err = c.reader.ReadByte(); err != nil {
+					return err
+				}
+
+				// TODO: better check maximum good channel ID
+				if channel >= 20 {
+					continue
+				}
+
+				buf4 = make([]byte, 2)
+				if _, err = io.ReadFull(c.reader, buf4); err != nil {
+					return err
+				}
+
+				// check if size good for RTP
+				size = binary.BigEndian.Uint16(buf4)
+				if size <= 1500 {
+					break
+				}
+
+				// 10 tries to find good packet
+				if i >= 10 {
+					return fmt.Errorf("RTSP wrong input")
+				}
+			}
+		}
+	} else {
+		// hope that the odd channels are always RTCP
+		channel = buf4[1]
+
+		// get data size
+		size = binary.BigEndian.Uint16(buf4[2:])
+
+		// skip 4 bytes from c.reader.Peek
+		if _, err = c.reader.Discard(4); err != nil {
+			return err
+		}
+	}
+
+	// init memory for data
+	buf := make([]byte, size)
+	if _, err = io.ReadFull(c.reader, buf); err != nil {
+		return err
+	}
+
+	c.Recv += int(size)
+
+	return c.handleRawPacket(channel, buf)
+}
+
+func (c *Conn) handleRawPacket(channel byte, buf []byte) error {
+	if channel&1 == 0 {
+		packet := &rtp.Packet{}
+		if err := packet.Unmarshal(buf); err != nil {
+			return err
+		}
+
+		for _, receiver := range c.Receivers {
+			if receiver.ID == channel {
+				receiver.WriteRTP(packet)
+				break
+			}
+		}
+	} else {
+		msg := &RTCP{Channel: channel}
+
+		if err := msg.Header.Unmarshal(buf); err != nil {
+			return nil
+		}
+
+		//var err error
+		//msg.Packets, err = rtcp.Unmarshal(buf)
+		//if err != nil {
+		//	return nil
+		//}
+
+		c.Fire(msg)
+	}
+
+	return nil
+}
+
 func (c *Conn) WriteRequest(req *tcp.Request) error {
 	if req.Proto == "" {
 		req.Proto = ProtoRTSP

pkg/rtsp/consumer.go

@@ -85,11 +85,8 @@ func (c *Conn) packetWriter(codec *core.Codec, channel, payloadType uint8) core.
 	}
 
 	flushBuf := func() {
-		if err := c.conn.SetWriteDeadline(time.Now().Add(Timeout)); err != nil {
-			return
-		}
 		//log.Printf("[rtsp] channel:%2d write_size:%6d buffer_size:%6d", channel, n, len(buf))
-		if _, err := c.conn.Write(buf[:n]); err == nil {
+		if err := c.writeInterleavedData(buf[:n]); err != nil {
 			c.Send += n
 		}
 		n = 0
@@ -177,3 +174,25 @@ func (c *Conn) packetWriter(codec *core.Codec, channel, payloadType uint8) core.
 
 	return handlerFunc
 }
+
+func (c *Conn) writeInterleavedData(data []byte) error {
+	if c.Transport != "udp" {
+		_ = c.conn.SetWriteDeadline(time.Now().Add(Timeout))
+		_, err := c.conn.Write(data)
+		return err
+	}
+
+	for len(data) >= 4 && data[0] == '$' {
+		channel := data[1]
+		size := uint16(data[2])<<8 | uint16(data[3])
+		rtpData := data[4 : 4+size]
+
+		if _, err := c.WriteToUDP(rtpData, channel); err != nil {
+			return err
+		}
+
+		data = data[4+size:]
+	}
+
+	return nil
+}

pkg/shell/shell.go

@@ -3,8 +3,6 @@ package shell
 import (
 	"os"
 	"os/signal"
-	"path/filepath"
-	"regexp"
 	"strings"
 	"syscall"
 )
@@ -38,39 +36,6 @@ func QuoteSplit(s string) []string {
 	return a
 }
 
-// ReplaceEnvVars - support format ${CAMERA_PASSWORD} and ${RTSP_USER:admin}
-func ReplaceEnvVars(text string) string {
-	re := regexp.MustCompile(`\${([^}{]+)}`)
-	return re.ReplaceAllStringFunc(text, func(match string) string {
-		key := match[2 : len(match)-1]
-
-		var def string
-		var dok bool
-
-		if i := strings.IndexByte(key, ':'); i > 0 {
-			key, def = key[:i], key[i+1:]
-			dok = true
-		}
-
-		if dir, vok := os.LookupEnv("CREDENTIALS_DIRECTORY"); vok {
-			value, err := os.ReadFile(filepath.Join(dir, key))
-			if err == nil {
-				return strings.TrimSpace(string(value))
-			}
-		}
-
-		if value, vok := os.LookupEnv(key); vok {
-			return value
-		}
-
-		if dok {
-			return def
-		}
-
-		return match
-	})
-}
-
 func RunUntilSignal() {
 	sigs := make(chan os.Signal, 1)
 	signal.Notify(sigs, syscall.SIGINT, syscall.SIGTERM)

pkg/tcp/auth.go

@@ -112,6 +112,10 @@ func (a *Auth) ReadNone(res *Response) bool {
 	return false
 }
 
+func (a *Auth) UserInfo() *url.Userinfo {
+	return url.UserPassword(a.user, a.pass)
+}
+
 func Between(s, sub1, sub2 string) string {
 	i := strings.Index(s, sub1)
 	if i < 0 {

scripts/build.sh

@@ -1,94 +1,47 @@
 #!/bin/sh
 
+set -e  # Exit immediately if a command exits with a non-zero status.
+set -u  # Treat unset variables as an error when substituting.
+
 check_command() {
-    if ! command -v $1 &> /dev/null
+    if ! command -v "$1" >/dev/null
     then
-        echo "Error: $1 could not be found. Please install it."
-        exit 1
+        echo "Error: $1 could not be found. Please install it." >&2
+        return 1
     fi
 }
 
-# Check for required commands
+build_zip() {
+  go build -ldflags "-s -w" -trimpath -o $2
+  7z a -mx9 -sdel $1 $2
+}
+
+build_upx() {
+  go build -ldflags "-s -w" -trimpath -o $1
+  upx --best --lzma $1
+}
+
 check_command go
 check_command 7z
 check_command upx
 
-# Windows amd64
-export GOOS=windows
-export GOARCH=amd64
-FILENAME="go2rtc_win64.zip"
-go build -ldflags "-s -w" -trimpath && 7z a -mx9 -bso0 -sdel $FILENAME go2rtc.exe
+export CGO_ENABLED=0
 
-# Windows 386
-export GOOS=windows
-export GOARCH=386
-FILENAME="go2rtc_win32.zip"
-go build -ldflags "-s -w" -trimpath && 7z a -mx9 -bso0 -sdel $FILENAME go2rtc.exe
+set -x  # Print commands and their arguments as they are executed.
 
-# Windows arm64
-export GOOS=windows
-export GOARCH=arm64
-FILENAME="go2rtc_win_arm64.zip"
-go build -ldflags "-s -w" -trimpath && 7z a -mx9 -bso0 -sdel $FILENAME go2rtc.exe
+GOOS=windows  GOARCH=amd64        build_zip go2rtc_win64.zip     go2rtc.exe
+GOOS=windows  GOARCH=386          build_zip go2rtc_win32.zip     go2rtc.exe
+GOOS=windows  GOARCH=arm64        build_zip go2rtc_win_arm64.zip go2rtc.exe
 
-# Linux amd64
-export GOOS=linux
-export GOARCH=amd64
-FILENAME="go2rtc_linux_amd64"
-go build -ldflags "-s -w" -trimpath -o $FILENAME && upx --lzma --force-overwrite -q --no-progress $FILENAME
+GOOS=linux    GOARCH=amd64        build_upx go2rtc_linux_amd64
+GOOS=linux    GOARCH=386          build_upx go2rtc_linux_i386
+GOOS=linux    GOARCH=arm64        build_upx go2rtc_linux_arm64
+GOOS=linux    GOARCH=mipsle       build_upx go2rtc_linux_mipsel
+GOOS=linux    GOARCH=arm GOARM=7  build_upx go2rtc_linux_arm
+GOOS=linux    GOARCH=arm GOARM=6  build_upx go2rtc_linux_armv6
 
-# Linux 386
-export GOOS=linux
-export GOARCH=386
-FILENAME="go2rtc_linux_i386"
-go build -ldflags "-s -w" -trimpath -o $FILENAME && upx --lzma --force-overwrite -q --no-progress $FILENAME
+GOOS=darwin   GOARCH=amd64        build_zip go2rtc_mac_amd64.zip go2rtc
+GOOS=darwin   GOARCH=arm64        build_zip go2rtc_mac_arm64.zip go2rtc
 
-# Linux arm64
-export GOOS=linux
-export GOARCH=arm64
-FILENAME="go2rtc_linux_arm64"
-go build -ldflags "-s -w" -trimpath -o $FILENAME && upx --lzma --force-overwrite -q --no-progress $FILENAME
-
-# Linux arm v7
-export GOOS=linux
-export GOARCH=arm
-export GOARM=7
-FILENAME="go2rtc_linux_arm"
-go build -ldflags "-s -w" -trimpath -o $FILENAME && upx --lzma --force-overwrite -q --no-progress $FILENAME
-
-# Linux arm v6
-export GOOS=linux
-export GOARCH=arm
-export GOARM=6
-FILENAME="go2rtc_linux_armv6"
-go build -ldflags "-s -w" -trimpath -o $FILENAME && upx --lzma --force-overwrite -q --no-progress $FILENAME
-
-# Linux mipsle
-export GOOS=linux
-export GOARCH=mipsle
-FILENAME="go2rtc_linux_mipsel"
-go build -ldflags "-s -w" -trimpath -o $FILENAME && upx --lzma --force-overwrite -q --no-progress $FILENAME
-
-# Darwin amd64
-export GOOS=darwin
-export GOARCH=amd64
-FILENAME="go2rtc_mac_amd64.zip"
-go build -ldflags "-s -w" -trimpath && 7z a -mx9 -bso0 -sdel $FILENAME go2rtc
-
-# Darwin arm64
-export GOOS=darwin
-export GOARCH=arm64
-FILENAME="go2rtc_mac_arm64.zip"
-go build -ldflags "-s -w" -trimpath && 7z a -mx9 -bso0 -sdel $FILENAME go2rtc
-
-# FreeBSD amd64
-export GOOS=freebsd
-export GOARCH=amd64
-FILENAME="go2rtc_freebsd_amd64.zip"
-go build -ldflags "-s -w" -trimpath && 7z a -mx9 -bso0 -sdel $FILENAME go2rtc
-
-# FreeBSD arm64
-export GOOS=freebsd
-export GOARCH=arm64
-FILENAME="go2rtc_freebsd_arm64.zip"
-go build -ldflags "-s -w" -trimpath && 7z a -mx9 -bso0 -sdel $FILENAME go2rtc
+GOOS=freebsd  GOARCH=amd64        build_zip go2rtc_freebsd_amd64.zip go2rtc
+GOOS=freebsd  GOARCH=arm64        build_zip go2rtc_freebsd_arm64.zip go2rtc

www/add.html

@@ -254,25 +254,30 @@
 
     async function handleRingAuth(ev) {
         ev.preventDefault();
+
+        const table = document.getElementById('ring-table');
+        table.innerText = 'loading...';
+
         const query = new URLSearchParams(new FormData(ev.target));
         const url = new URL('api/ring?' + query.toString(), location.href);
 
         const r = await fetch(url, {cache: 'no-cache'});
+
+        if (!r.ok) {
+            table.innerText = (await r.text()) || 'Unknown error';
+            return;
+        }
+
         const data = await r.json();
 
+        table.innerText = '';
+
         if (data.needs_2fa) {
             document.getElementById('tfa-field').style.display = 'block';
             document.getElementById('tfa-prompt').textContent = data.prompt || 'Enter 2FA code';
             return;
         }
 
-        if (!r.ok) {
-            const table = document.getElementById('ring-table');
-            table.innerText = data.error || 'Unknown error';
-            return;
-        }
-
-        const table = document.getElementById('ring-table');
         drawTable(table, data);
     }
 

www/video-rtc.js

@@ -185,7 +185,7 @@ export class VideoRTC extends HTMLElement {
     /** @param {Function} isSupported */
     codecs(isSupported) {
         return this.CODECS
-            .filter(codec => this.media.indexOf(codec.indexOf('vc1') > 0 ? 'video' : 'audio') >= 0)
+            .filter(codec => this.media.includes(codec.includes('vc1') ? 'video' : 'audio'))
             .filter(codec => isSupported(`video/mp4; codecs="${codec}"`)).join();
     }
 
@@ -350,23 +350,23 @@ export class VideoRTC extends HTMLElement {
 
         const modes = [];
 
-        if (this.mode.indexOf('mse') >= 0 && ('MediaSource' in window || 'ManagedMediaSource' in window)) {
+        if (this.mode.includes('mse') && ('MediaSource' in window || 'ManagedMediaSource' in window)) {
             modes.push('mse');
             this.onmse();
-        } else if (this.mode.indexOf('hls') >= 0 && this.video.canPlayType('application/vnd.apple.mpegurl')) {
+        } else if (this.mode.includes('hls') && this.video.canPlayType('application/vnd.apple.mpegurl')) {
             modes.push('hls');
             this.onhls();
-        } else if (this.mode.indexOf('mp4') >= 0) {
+        } else if (this.mode.includes('mp4')) {
             modes.push('mp4');
             this.onmp4();
         }
 
-        if (this.mode.indexOf('webrtc') >= 0 && 'RTCPeerConnection' in window) {
+        if (this.mode.includes('webrtc') && 'RTCPeerConnection' in window) {
             modes.push('webrtc');
             this.onwebrtc();
         }
 
-        if (this.mode.indexOf('mjpeg') >= 0) {
+        if (this.mode.includes('mjpeg')) {
             if (modes.length) {
                 this.onmessage['mjpeg'] = msg => {
                     if (msg.type !== 'error' || msg.value.indexOf(modes[0]) !== 0) return;
@@ -490,7 +490,7 @@ export class VideoRTC extends HTMLElement {
         const pc = new RTCPeerConnection(this.pcConfig);
 
         pc.addEventListener('icecandidate', ev => {
-            if (ev.candidate && this.mode.indexOf('webrtc/tcp') >= 0 && ev.candidate.protocol === 'udp') return;
+            if (ev.candidate && this.mode.includes('webrtc/tcp') && ev.candidate.protocol === 'udp') return;
 
             const candidate = ev.candidate ? ev.candidate.toJSON().candidate : '';
             this.send({type: 'webrtc/candidate', value: candidate});
@@ -518,7 +518,7 @@ export class VideoRTC extends HTMLElement {
         this.onmessage['webrtc'] = msg => {
             switch (msg.type) {
                 case 'webrtc/candidate':
-                    if (this.mode.indexOf('webrtc/tcp') >= 0 && msg.value.indexOf(' udp ') > 0) return;
+                    if (this.mode.includes('webrtc/tcp') && msg.value.includes(' udp ')) return;
 
                     pc.addIceCandidate({candidate: msg.value, sdpMid: '0'}).catch(er => {
                         console.warn(er);
@@ -530,7 +530,7 @@ export class VideoRTC extends HTMLElement {
                     });
                     break;
                 case 'error':
-                    if (msg.value.indexOf('webrtc/offer') < 0) return;
+                    if (!msg.value.includes('webrtc/offer')) return;
                     pc.close();
             }
         };
@@ -549,7 +549,7 @@ export class VideoRTC extends HTMLElement {
      */
     async createOffer(pc) {
         try {
-            if (this.media.indexOf('microphone') >= 0) {
+            if (this.media.includes('microphone')) {
                 const media = await navigator.mediaDevices.getUserMedia({audio: true});
                 media.getTracks().forEach(track => {
                     pc.addTransceiver(track, {direction: 'sendonly'});
@@ -560,7 +560,7 @@ export class VideoRTC extends HTMLElement {
         }
 
         for (const kind of ['video', 'audio']) {
-            if (this.media.indexOf(kind) >= 0) {
+            if (this.media.includes(kind)) {
                 pc.addTransceiver(kind, {direction: 'recvonly'});
             }
         }
@@ -580,12 +580,16 @@ export class VideoRTC extends HTMLElement {
 
             /** @type {MediaStream} */
             const stream = video2.srcObject;
-            if (stream.getVideoTracks().length > 0) rtcPriority += 0x220;
+            if (stream.getVideoTracks().length > 0) {
+                // not the best, but a pretty simple way to check a codec
+                const isH265Supported =  this.pc.remoteDescription.sdp.includes('H265/90000');
+                rtcPriority += isH265Supported ? 0x240 : 0x220;
+            }
             if (stream.getAudioTracks().length > 0) rtcPriority += 0x102;
 
-            if (this.mseCodecs.indexOf('hvc1.') >= 0) msePriority += 0x230;
-            if (this.mseCodecs.indexOf('avc1.') >= 0) msePriority += 0x210;
-            if (this.mseCodecs.indexOf('mp4a.') >= 0) msePriority += 0x101;
+            if (this.mseCodecs.includes('hvc1.')) msePriority += 0x230;
+            if (this.mseCodecs.includes('avc1.')) msePriority += 0x210;
+            if (this.mseCodecs.includes('mp4a.')) msePriority += 0x101;
 
             if (rtcPriority >= msePriority) {
                 this.video.srcObject = stream;