Fix track playback for anonymous sessions #64
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uses the Facebook account login flow to get track playback to work in anonymous sessions. See my comment on #58 for more details.
Also adds Track and Time Cap error codes, when the (anonymous) user has used up all the free tracks they can play without signing in.
While testing, I also noticed that anonymous sessions themselves are also ratelimited and the auth endpoint will return an error if your IP address tries to get too many sessions in a small window of time.
Currently the auth endpoint returns a 500 error when requesting an anonymous session the first time, so there's extra logic to do a retry, as it usually works afterwards. Superagent doesn't seem to save the cookies returned when the status code is 500, otherwise the second auth request would not be required as the landing page will have the credentials needed. Not sure how to fix that, but it still works anyway as the auth response sets the
already_authenticatederror and gives us the credentials we need anyway.