Files
alembic/app/services/spotify_client.py
T
andrew e5d9c7f043 0.6: Spotify OAuth connect flow, AzuraCast base URL, fingerprint/buy-url fixes
- Add "Connect Spotify" OAuth flow (/connect/spotify) so newly created Spotify
  apps can read playlists: Spotify now requires a user token for playlist
  reads, which client-credentials alone can no longer provide. The stored
  refresh token is rendered as spotify-refresh into each playlist's sldl
  .conf -- sldl's own docs confirm supplying it skips its interactive login
  flow, which is what was causing multi-hour hangs on a stuck sync.
  Grandfathered apps keep working unchanged if no account is connected.
- Fix the connect flow's redirect_uri: request.url_for() reflected the raw
  connection scheme (http) rather than what the reverse proxy actually
  served over, which Spotify's exact-match redirect_uri check rejected.
  Force https rather than trust the unproxied scheme.
- Add an AzuraCast base URL credential field alongside the API key, with a
  keyfile fallback so the scheduled enrich-buy-url.py job can actually reach
  AzuraCast (previously it had no way to receive a base URL at all when run
  from the scheduler, so the reprocess call was silently always skipped).
- Fix build-fingerprint-index.py exiting non-zero on any single fingerprint
  failure instead of only when nothing was written.
- Guard enrich-buy-url.py's AzuraCast reprocess against an empty
  --azuracast-base (raised ValueError since PD2 removed the hardcoded base).

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
2026-07-14 11:16:55 -06:00

106 lines
3.9 KiB
Python

import base64
import re
import time
import httpx
from sqlalchemy.orm import Session
from app.services import credential_service
TOKEN_URL = "https://accounts.spotify.com/api/token"
API_BASE = "https://api.spotify.com/v1"
# Module-level cache: one alembic process, one Spotify app registration --
# a single shared token is fine (single-user app, no per-request identity).
# Keyed by mode too, so connecting/disconnecting an account (switching
# between a user token and a client-credentials token) can't serve a stale
# token minted under the other grant type.
_token_cache: dict = {"token": None, "expires_at": 0.0, "mode": None}
_PLAYLIST_ID_RE = re.compile(r"playlist/([A-Za-z0-9]+)")
def _extract_playlist_id(playlist_url: str) -> str:
m = _PLAYLIST_ID_RE.search(playlist_url)
if not m:
raise ValueError(f"not a Spotify playlist URL: {playlist_url}")
return m.group(1)
def _get_token(db: Session) -> str:
now = time.time()
creds = credential_service.get_scope(db, "spotify")
client_id = creds.get("client_id")
client_secret = creds.get("client_secret")
if not client_id or not client_secret:
raise RuntimeError("Spotify credentials not configured (settings/credentials)")
refresh_token = creds.get("refresh_token")
# A user token (from /connect/spotify) can read playlists on newly created
# Spotify apps; client-credentials can't (Spotify blocks GET /items for
# new apps without user auth). Prefer the user token whenever one is
# connected, falling back to client-credentials for grandfathered apps.
mode = "user" if refresh_token else "client_credentials"
if (
_token_cache["token"]
and _token_cache["mode"] == mode
and _token_cache["expires_at"] > now + 30
):
return _token_cache["token"]
basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
grant_data = (
{"grant_type": "refresh_token", "refresh_token": refresh_token}
if refresh_token
else {"grant_type": "client_credentials"}
)
resp = httpx.post(
TOKEN_URL,
data=grant_data,
headers={"Authorization": f"Basic {basic}"},
timeout=15,
)
resp.raise_for_status()
data = resp.json()
_token_cache["token"] = data["access_token"]
_token_cache["expires_at"] = now + data["expires_in"]
_token_cache["mode"] = mode
return _token_cache["token"]
def get_playlist_tracks(db: Session, playlist_url: str) -> list[dict]:
"""Return [{"artist": ..., "title": ..., "isrc": ... | None}, ...] for
every track in the playlist, paginated 100/page."""
token = _get_token(db)
playlist_id = _extract_playlist_id(playlist_url)
headers = {"Authorization": f"Bearer {token}"}
tracks = []
# /items, not /tracks: Spotify removed GET /playlists/{id}/tracks in its
# February 2026 API changes in favor of /items (same response shape). New
# apps are 403'd on the old endpoint; grandfathered apps still tolerate it
# for now, but /items is the correct, future-proof one.
url = f"{API_BASE}/playlists/{playlist_id}/items"
params = {"limit": 100, "fields": "items(track(name,artists(name),external_ids)),next"}
while url:
resp = httpx.get(url, params=params, headers=headers, timeout=15)
resp.raise_for_status()
data = resp.json()
for item in data.get("items", []):
track = item.get("track")
if not track:
continue # local files / removed tracks show up as null
artists = track.get("artists") or []
tracks.append(
{
"artist": artists[0]["name"] if artists else "",
"title": track.get("name", ""),
"isrc": (track.get("external_ids") or {}).get("isrc"),
}
)
url = data.get("next")
params = None # `next` is a full URL with its own query string
return tracks